Описание
Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag.
Ссылки
- ExploitPatchVendor Advisory
- ExploitPatchVendor Advisory
- Patch
- PatchVendor Advisory
- Vendor Advisory
- ExploitPatchVendor Advisory
- ExploitPatch
- ExploitPatchVendor Advisory
- ExploitPatchVendor Advisory
- Patch
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:fuzzymonkey:my_blog:1.0:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.2:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.3:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.4:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.5:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.6:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.21:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.22:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.23:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.31:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.51:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.52:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.61:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.62:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.63:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.64:*:*:*:*:*:*:*
cpe:2.3:a:m_blom:html-bbcode:1.03:*:*:*:*:*:*:*
cpe:2.3:a:m_blom:html-bbcode:1.04:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.12107
Средний
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag.
EPSS
Процентиль: 94%
0.12107
Средний
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other