Описание
Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field.
Ссылки
- ExploitVendor Advisory
- PatchVendor Advisory
- ExploitPatch
- ExploitPatch
- ExploitVendor Advisory
- PatchVendor Advisory
- ExploitPatch
- ExploitPatch
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:s9y:serendipity:0.7_beta1:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00721
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
больше 20 лет назад
Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity ...
github
больше 3 лет назад
Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field.
EPSS
Процентиль: 72%
0.00721
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other