exploitDog

GHSA-ghvf-2gc8-6f3w

Опубликовано: 01 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Cross-site scripting (XSS) vulnerability in the convert_highlite_words function in Invision Blog before 1.1.2 Final allows remote attackers to inject arbitrary web script or HTML via double hex encoded highlight data.

Cross-site scripting (XSS) vulnerability in the convert_highlite_words function in Invision Blog before 1.1.2 Final allows remote attackers to inject arbitrary web script or HTML via double hex encoded highlight data.

Ссылки

EPSS

Процентиль: 63%

0.00441

Низкий

CVE ID

Связанные уязвимости

CVE-2005-1945

nvd

больше 20 лет назад

Cross-site scripting (XSS) vulnerability in the convert_highlite_words function in Invision Blog before 1.1.2 Final allows remote attackers to inject arbitrary web script or HTML via double hex encoded highlight data.

EPSS

Процентиль: 63%

0.00441

Низкий

CVE ID