exploitDog

GHSA-p9rr-c8q5-qjqc

Опубликовано: 01 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 Pro and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in (a) index.php, and the (3) mod parameter in (b) admin.php.

Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 Pro and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in (a) index.php, and the (3) mod parameter in (b) admin.php.

Ссылки

EPSS

Процентиль: 66%

0.00504

Низкий

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2006-2084

nvd

почти 20 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 Pro and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in (a) index.php, and the (3) mod parameter in (b) admin.php.

EPSS

Процентиль: 66%

0.00504

Низкий

CVE ID

Дефекты

CWE-79