Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-9v4j-g8j9-mmgr

Опубликовано: 17 мая 2022
Источник: github
Github: Не прошло ревью

Описание

Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors Name field) to manager/users.php, or (3) the c_author parameter (aka Author field) in an ADD A COMMENT section.

Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors Name field) to manager/users.php, or (3) the c_author parameter (aka Author field) in an ADD A COMMENT section.

Ссылки

EPSS

Процентиль: 85%
0.0248
Низкий

CVE ID

CVE-2012-2156

Дефекты

CWE-79

Связанные уязвимости

nvd логотип

CVE-2012-2156

nvd
почти 14 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors Name field) to manager/users.php, or (3) the c_author parameter (aka Author field) in an ADD A COMMENT section.

EPSS

Процентиль: 85%
0.0248
Низкий

CVE ID

CVE-2012-2156

Дефекты

CWE-79