Описание
Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via (1) the lastnumber parameter to stat.php and (2) the HTTP referer to pixel.php.
Ссылки
- Vendor Advisory
- Vendor Advisory
- ExploitPatchVendor Advisory
- Vendor Advisory
- Vendor Advisory
- ExploitPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:php_web:statistik:1.4:*:*:*:*:*:*:*
EPSS
Процентиль: 79%
0.01253
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via (1) the lastnumber parameter to stat.php and (2) the HTTP referer to pixel.php.
EPSS
Процентиль: 79%
0.01253
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other