CVE-2003-1187

Опубликовано: 02 нояб. 2003

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in include.php in PHPKIT 1.6.02 and 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the contact_email parameter.

Ссылки

http://badwebmasters.net/advisory/017/
Exploit
Vendor Advisory
URL Repurposed
http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013139.html
Vendor Advisory
http://www.securityfocus.com/bid/8960
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/13590
http://badwebmasters.net/advisory/017/
Exploit
Vendor Advisory
URL Repurposed
http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013139.html
Vendor Advisory
http://www.securityfocus.com/bid/8960
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/13590

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:phpkit:phpkit:1.6.02:*:*:*:*:*:*:*

cpe:2.3:a:phpkit:phpkit:1.6.03:*:*:*:*:*:*:*

EPSS

Процентиль: 71%

0.00655

Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-v7wx-qc33-8mj2

github

почти 4 года назад