exploitDog

CVE-2005-4138

Опубликовано: 09 дек. 2005

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) Wohnort and (2) Beruf fields in editprofile.php, (3) user parameter array in v_profile.php, and (4) the action parameter in misc.php.

Ссылки

http://kapda.ir/advisory-149.html
Exploit
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/418837/100/0/threaded
http://www.securityfocus.com/bid/15763
Patch
http://kapda.ir/advisory-149.html
Exploit
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/418837/100/0/threaded
http://www.securityfocus.com/bid/15763
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:thwboard:thwboard_beta:2.8:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00396

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-qmjx-9m9f-8g3v

github

почти 4 года назад

Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) Wohnort and (2) Beruf fields in editprofile.php, (3) user parameter array in v_profile.php, and (4) the action parameter in misc.php.

EPSS

Процентиль: 60%

0.00396

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other