Описание
WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting (XSS).
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:web-app.org:webapp:0.9.9:*:*:*:*:*:*:*
cpe:2.3:a:web-app.org:webapp:0.9.9.1:*:*:*:*:*:*:*
cpe:2.3:a:web-app.org:webapp:0.9.9.2:*:*:*:*:*:*:*
cpe:2.3:a:web-app.org:webapp:0.9.9.2.1:*:*:*:*:*:*:*
cpe:2.3:a:web-app.org:webapp:0.9.9.3:*:*:*:*:*:*:*
cpe:2.3:a:web-app.org:webapp:0.9.9.3.1:*:*:*:*:*:*:*
cpe:2.3:a:web-app.org:webapp:0.9.9.3.2:*:*:*:*:*:*:*
cpe:2.3:a:web-app.org:webapp:0.9.9.4:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00637
Низкий
5.8 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting (XSS).
EPSS
Процентиль: 70%
0.00637
Низкий
5.8 Medium
CVSS2
Дефекты
NVD-CWE-Other