exploitDog

GHSA-2c8r-x33h-7828

Опубликовано: 02 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-previouscolorsjs.php in the FlexCMS 2.5 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the PreviousColorsString parameter.

Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-previouscolorsjs.php in the FlexCMS 2.5 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the PreviousColorsString parameter.

Ссылки

EPSS

Процентиль: 86%

0.02903

Низкий

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2008-3715

nvd

больше 17 лет назад

Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-previouscolorsjs.php in the FlexCMS 2.5 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the PreviousColorsString parameter.

EPSS

Процентиль: 86%

0.02903

Низкий

CVE ID

Дефекты

CWE-79