exploitDog

CVE-2007-6374

Опубликовано: 15 дек. 2007

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) users/register.php or (2) search/index.php, or an editcomments action in (3) wiki/index.php or (4) forums/index.php. NOTE: the error parameter to users/login.php is covered by CVE-2006-3103.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bitweaver:bitweaver:*:*:*:*:*:*:*:*

Версия до 2.0.0 (включая)

EPSS

Процентиль: 74%

0.00847

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-5h2q-v3jg-86vj

github

почти 4 года назад

Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) users/register.php or (2) search/index.php, or an editcomments action in (3) wiki/index.php or (4) forums/index.php. NOTE: the error parameter to users/login.php is covered by CVE-2006-3103.

EPSS

Процентиль: 74%

0.00847

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79