Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-3fm8-7gpf-p8fm

Опубликовано: 17 мая 2022
Источник: github
Github: Прошло ревью
CVSS3: 6.1

Описание

SocialNetwork Cross-Site Scripting (XSS) vulnerability

A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. The vulnerability exists due to insufficient filtration of user-supplied data (mail) passed to the 'SocialNetwork-andrea/app/template/pw_forgot.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. A patch for the vulnerability is available at https://github.com/andreas83/SocialNetwork/commit/1b0799d08fda2f3099beaae1234b8b468deb8db1

Ссылки

Пакеты

Наименование

movingbytes/social-network

composer
Затронутые версииВерсия исправления

<= 1.2.1

Отсутствует

EPSS

Процентиль: 45%
0.00223
Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2017-7390

Дефекты

CWE-79

Связанные уязвимости

nvd логотип

CVE-2017-7390

CVSS3: 6.1
nvd
почти 9 лет назад

A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. The vulnerability exists due to insufficient filtration of user-supplied data (mail) passed to the 'SocialNetwork-andrea/app/template/pw_forgot.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

EPSS

Процентиль: 45%
0.00223
Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2017-7390

Дефекты

CWE-79