Описание
Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow remote attackers to execute script or gain privileges as other ASP-Nuke users via script in (1) the name parameter in downloads.asp, (2) the message parameter in Post.asp, or (3) a web site URL in profile.asp.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:asp-nuke:asp-nuke:rc1:*:*:*:*:*:*:*
cpe:2.3:a:asp-nuke:asp-nuke:rc2:*:*:*:*:*:*:*
EPSS
Процентиль: 80%
0.01414
Низкий
5.1 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow remote attackers to execute script or gain privileges as other ASP-Nuke users via script in (1) the name parameter in downloads.asp, (2) the message parameter in Post.asp, or (3) a web site URL in profile.asp.
EPSS
Процентиль: 80%
0.01414
Низкий
5.1 Medium
CVSS2
Дефекты
NVD-CWE-Other