GHSA-h4fh-gpvh-753g

Опубликовано: 13 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 6.1

Описание

Yab Quarx persistent cross-site scripting vulnerability

Yab Quarx before 2.4.5 is prone to multiple persistent cross-site scripting vulnerabilities: Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus (Name).

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2018-7274
https://github.com/GrafiteInc/CMS/issues/115
https://github.com/YABhq/Quarx/issues/116
https://github.com/GrafiteInc/CMS/commit/dcc1a5ac3c6d48afd3b8b9d8b11a9c6bfeb75f77
http://seclists.org/bugtraq/2018/Feb/53
http://www.securityfocus.com/bid/103081

Пакеты

Наименование

yab/quarx

composer

Затронутые версииВерсия исправления

< 2.4.5

2.4.5

EPSS

Процентиль: 46%

0.00234

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2018-7274

Дефекты

CWE-79

Связанные уязвимости

CVE-2018-7274

CVSS3: 6.1

nvd

почти 8 лет назад

Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus (Name).

EPSS

Процентиль: 46%

0.00234

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2018-7274

Дефекты

CWE-79