Описание
Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "[a]" bbcode tag, possibly the txt parameter to action.php.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Exploit
- Vendor Advisory
- Vendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ralph_capper:tinyphpforum:3.5:*:*:*:*:*:*:*
cpe:2.3:a:ralph_capper:tinyphpforum:3.6:*:*:*:*:*:*:*
cpe:2.3:a:ralph_capper:tinyphpforum:3.46:*:*:*:*:*:*:*
cpe:2.3:a:ralph_capper:tinyphpforum:3.47:*:*:*:*:*:*:*
cpe:2.3:a:ralph_capper:tinyphpforum:3.48:*:*:*:*:*:*:*
cpe:2.3:a:ralph_capper:tinyphpforum:3.49:*:*:*:*:*:*:*
cpe:2.3:a:ralph_capper:tinyphpforum:3.499:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00675
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "[a]" bbcode tag, possibly the txt parameter to action.php.
EPSS
Процентиль: 71%
0.00675
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other