Описание
Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) Morris Guestbook 1, (2) Pretty Guestbook 1, and (3) Smile Guestbook 1 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the pagina parameter.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:tuttophp:morris_guestbook:*:*:*:*:*:*:*:*
cpe:2.3:a:tuttophp:pretty_guestbook:*:*:*:*:*:*:*:*
cpe:2.3:a:tuttophp:smile_guestbook:*:*:*:*:*:*:*:*
EPSS
Процентиль: 79%
0.0127
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) Morris Guestbook 1, (2) Pretty Guestbook 1, and (3) Smile Guestbook 1 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the pagina parameter.
EPSS
Процентиль: 79%
0.0127
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other