Описание
Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.
Ссылки
- ExploitPatchVendor Advisory
- Patch
- ExploitVendor AdvisoryURL Repurposed
- Exploit
- ExploitPatchVendor Advisory
- Patch
- ExploitVendor AdvisoryURL Repurposed
- Exploit
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:comscripts:phprog:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 77%
0.01088
Низкий
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.
EPSS
Процентиль: 77%
0.01088
Низкий
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other