exploitDog

GHSA-vx29-vgxf-w9r9

Опубликовано: 02 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows remote attackers to inject arbitrary web script or HTML allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover in nested BBcode tags, as demonstrated using (1) email, (2) img, and (3) url tags.

Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows remote attackers to inject arbitrary web script or HTML allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover in nested BBcode tags, as demonstrated using (1) email, (2) img, and (3) url tags.

Ссылки

EPSS

Процентиль: 93%

0.09199

Низкий

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2009-1408

nvd

почти 17 лет назад

Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows remote attackers to inject arbitrary web script or HTML allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover in nested BBcode tags, as demonstrated using (1) email, (2) img, and (3) url tags.

EPSS

Процентиль: 93%

0.09199

Низкий

CVE ID

Дефекты

CWE-79