CVE-2007-0519

Опубликовано: 26 янв. 2007

Источник: nvd

CVSS2: 3.5

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U Instant Messenger allows remote authenticated users to inject arbitrary web script or HTML via the recipient field.

Ссылки

http://aria-security.com/forum/showthread.php?p=129
http://securityreason.com/securityalert/2182
http://www.securityfocus.com/archive/1/457630/100/0/threaded
https://docs.xmbforum2.com/index.php?title=Security_Issue_History
https://exchange.xforce.ibmcloud.com/vulnerabilities/31661
http://aria-security.com/forum/showthread.php?p=129
http://securityreason.com/securityalert/2182
http://www.securityfocus.com/archive/1/457630/100/0/threaded
https://docs.xmbforum2.com/index.php?title=Security_Issue_History
https://exchange.xforce.ibmcloud.com/vulnerabilities/31661

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:xmb_software:u2u_instant_messenger:*:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00222

Низкий

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-xwcx-wmqx-wc85

github

больше 3 лет назад