CVE-2008-1850

Опубликовано: 16 апр. 2008

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in login.php in Omnistar Interactive OSI Affiliate allow remote attackers to inject arbitrary web script or HTML via the (1) login, (2) profile, (3) profile2, and (4) ref parameters.

Ссылки

http://secunia.com/advisories/29779
Vendor Advisory
http://www.mrzayas.es/2008/04/11/xss-en-osiaffiliate/
http://www.osvdb.org/44376
http://www.securityfocus.com/bid/28785
http://www.securityfocus.com/bid/28793
https://exchange.xforce.ibmcloud.com/vulnerabilities/41811
https://exchange.xforce.ibmcloud.com/vulnerabilities/41825
http://secunia.com/advisories/29779
Vendor Advisory
http://www.mrzayas.es/2008/04/11/xss-en-osiaffiliate/
http://www.osvdb.org/44376
http://www.securityfocus.com/bid/28785
http://www.securityfocus.com/bid/28793
https://exchange.xforce.ibmcloud.com/vulnerabilities/41811
https://exchange.xforce.ibmcloud.com/vulnerabilities/41825

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:osiaffiliate:osiaffiliate:*:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00475

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-fq5c-5q63-mpv6

github

почти 4 года назад