Description
Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP when using the mailman/massmail.html template_name.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to and including 2.5.1_beta_1
One of
cpe:2.3:a:positive_software:h-sphere:*:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.5:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.5_patch_1:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.5_patch_2:*:*:*:*:*:*:*
cpe:2.3:a:positive_software:h-sphere:2.5_rc_3:*:*:*:*:*:*:*
EPSS
Percentile: 67%
0.00527
Low
2.6 Low
CVSS2
Weaknesses
NVD-CWE-Other
Related vulnerabilities
github
almost 4 years ago
Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP when using the mailman/massmail.html template_name.