Описание
Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action.
Ссылки
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:positive_software:h-sphere:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.1_patch_1:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.1_patch_2:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.1_patch_3:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.1_patch_4:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.1_patch_5:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.1_patch_6:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.1_patch_7:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.2_beta_1:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.2_beta_2:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.2_beta_3:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.2_patch_1:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.2_patch_2:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.2_patch_3:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.2_patch_4:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.2_patch_5:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.2_rc1:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.2_rc2:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.3_beta_1:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.3_beta_2:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.3_patch_1:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.3_patch_2:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.3_patch_3:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.3_patch_4:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.3_patch_5:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.3_patch_6:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.3_patch_7:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.3_patch_8:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.3_rc1:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.4.3_rc2:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00527
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action.
EPSS
Процентиль: 67%
0.00527
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other