Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-q4hv-mqvp-73qc

Опубликовано: 01 мая 2022
Источник: github
Github: Не прошло ревью

Описание

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php.

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php.

Ссылки

EPSS

Процентиль: 70%
0.00654
Низкий

CVE ID

CVE-2007-6574

Дефекты

CWE-79

Связанные уязвимости

nvd логотип

CVE-2007-6574

nvd
около 18 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php.

EPSS

Процентиль: 70%
0.00654
Низкий

CVE ID

CVE-2007-6574

Дефекты

CWE-79