Описание
Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter to (1) forum.cgi and (2) post.cgi, or (3) the user parameter to profile.cgi.
Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter to (1) forum.cgi and (2) post.cgi, or (3) the user parameter to profile.cgi.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2005-4307
- http://pridels0.blogspot.com/2005/12/scarecrow-message-board-xss-vuln.html
- http://secunia.com/advisories/18084
- http://www.osvdb.org/21777
- http://www.osvdb.org/21778
- http://www.osvdb.org/21779
- http://www.securityfocus.com/bid/15915
- http://www.vupen.com/english/advisories/2005/2937
EPSS
Процентиль: 81%
0.01509
Низкий
CVE ID
Связанные уязвимости
nvd
около 20 лет назад
Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter to (1) forum.cgi and (2) post.cgi, or (3) the user parameter to profile.cgi.
EPSS
Процентиль: 81%
0.01509
Низкий