exploitDog

GHSA-7x4x-5cr5-pcpx

Опубликовано: 23 янв. 2026

Источник: github

Github: Не прошло ревью

CVSS4: 5.1

CVSS3: 6.4

Описание

BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious javascript payloads in the text field to execute scripts and potentially steal authenticated users' cookies.

BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious javascript payloads in the text field to execute scripts and potentially steal authenticated users' cookies.

Ссылки

EPSS

Процентиль: 8%

0.0003

Низкий

5.1 Medium

CVSS4

6.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-47906

CVSS3: 6.4

nvd

15 дней назад

BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious javascript payloads in the text field to execute scripts and potentially steal authenticated users' cookies.

EPSS

Процентиль: 8%

0.0003

Низкий

5.1 Medium

CVSS4

6.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79