Описание
Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form.
Ссылки
- ExploitPatch
- ExploitPatch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:maxwebportal:maxwebportal:1.30:*:*:*:*:*:*:*
cpe:2.3:a:maxwebportal:maxwebportal:1.31:*:*:*:*:*:*:*
EPSS
Процентиль: 89%
0.04271
Низкий
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form.
EPSS
Процентиль: 89%
0.04271
Низкий
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other