CVE-2004-1871

Опубликовано: 29 мар. 2004

Источник: nvd

CVSS2: 4.3

EPSS Средний

Описание

Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ppuser, (2) password, (3) stype, (4) perpage, (5) sort, (6) page, (7) si, or (8) cat parameters to showmembers.php, or the (9) photo name, (10) photo description, (11) album name, or (12) album description fields.

Ссылки

http://marc.info/?l=bugtraq&m=108057790723123&w=2
http://secunia.com/advisories/11241
Exploit
Patch
Vendor Advisory
http://securitytracker.com/id?1009571
Vendor Advisory
http://www.gulftech.org/03282004.php
http://www.securityfocus.com/bid/9994
Exploit
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15643
http://marc.info/?l=bugtraq&m=108057790723123&w=2
http://secunia.com/advisories/11241
Exploit
Patch
Vendor Advisory
http://securitytracker.com/id?1009571
Vendor Advisory
http://www.gulftech.org/03282004.php
http://www.securityfocus.com/bid/9994
Exploit
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15643

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:photopost:photopost_php_pro:3.1:*:*:*:*:*:*:*

cpe:2.3:a:photopost:photopost_php_pro:3.2:*:*:*:*:*:*:*

cpe:2.3:a:photopost:photopost_php_pro:3.3:*:*:*:*:*:*:*

cpe:2.3:a:photopost:photopost_php_pro:4.0:*:*:*:*:*:*:*

cpe:2.3:a:photopost:photopost_php_pro:4.1:*:*:*:*:*:*:*

cpe:2.3:a:photopost:photopost_php_pro:4.6:*:*:*:*:*:*:*

cpe:2.3:a:photopost:photopost_php_pro:4.8.1:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.12116

Средний

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-q8xc-297m-368w

github

почти 4 года назад