CVE-2006-5036

Опубликовано: 27 сент. 2006

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sq_remote_page_url parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:squiz:mysource_classic:*:*:*:*:*:*:*:*

Версия до 2.16.2 (включая)

cpe:2.3:a:squiz:mysource_matrix:*:*:*:*:*:*:*:*

Версия до 3.8 (включая)

EPSS

Процентиль: 79%

0.01243

Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-56wg-2vx4-q6pc

github

почти 4 года назад

** DISPUTED ** MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sq_remote_page_url parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability."