Описание
Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. NOTE: the card_id vector was later reported to affect vCard 2.9, and the uploaded vector for 2.6.
Ссылки
- Vendor Advisory
- Exploit
- Vendor Advisory
- Vendor Advisory
- Exploit
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:belchior_foundry:vcard:2.6:*:*:*:*:*:*:*
cpe:2.3:a:belchior_foundry:vcard:2.8:*:*:*:*:*:*:*
cpe:2.3:a:belchior_foundry:vcard:2.9:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00842
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
почти 4 года назад
Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. NOTE: the card_id vector was later reported to affect vCard 2.9, and the uploaded vector for 2.6.
EPSS
Процентиль: 74%
0.00842
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79