Описание
Multiple cross-site scripting (XSS) vulnerabilities in jax_guestbook.php in Jax Guestbook 3.1 and 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) gmt_ofs and (2) language parameters. NOTE: the page parameter is already covered by CVE-2006-1913. NOTE: it was later reported that 3.50 is also affected.
Ссылки
- Exploit
- Vendor Advisory
- Exploit
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:jax_scripts:jax_guestbook:3.1:*:*:*:*:*:*:*
cpe:2.3:a:jax_scripts:jax_guestbook:3.31:*:*:*:*:*:*:*
EPSS
Процентиль: 41%
0.00189
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
почти 4 года назад
Multiple cross-site scripting (XSS) vulnerabilities in jax_guestbook.php in Jax Guestbook 3.1 and 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) gmt_ofs and (2) language parameters. NOTE: the page parameter is already covered by CVE-2006-1913. NOTE: it was later reported that 3.50 is also affected.
EPSS
Процентиль: 41%
0.00189
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79