Описание
Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) before R_2_5_0_41 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in search.pl and (2) the filter parameter in submit.pl.
Ссылки
- Vendor Advisory
- PatchVendor Advisory
- ExploitPatch
- ExploitPatch
- Patch
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- ExploitPatch
- ExploitPatch
- Patch
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до r_2_5_0_41 (включая)
Одно из
cpe:2.3:a:open_source_development_network:slashcode:*:*:*:*:*:*:*:*
cpe:2.3:a:open_source_development_network:slashcode:2.2.5:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00871
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
больше 20 лет назад
Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like A ...
github
больше 3 лет назад
Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) before R_2_5_0_41 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in search.pl and (2) the filter parameter in submit.pl.
EPSS
Процентиль: 74%
0.00871
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other