Описание
Cross-site scripting (XSS) vulnerability in the font rendering functionality in Novemberborn sIFR 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the txt parameter to a Flash (SWF) file, as demonstrated by fonts/FuturaLt.swf.
Ссылки
- ExploitPatch
- ExploitPatch
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:novemberborn:sifr:2.0.2:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.06134
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
почти 4 года назад
Cross-site scripting (XSS) vulnerability in the font rendering functionality in Novemberborn sIFR 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the txt parameter to a Flash (SWF) file, as demonstrated by fonts/FuturaLt.swf.
EPSS
Процентиль: 91%
0.06134
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79