CVE-2008-2566

Опубликовано: 06 июн. 2008

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI.

Ссылки

http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html
Exploit
http://secunia.com/advisories/30540
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/42856
https://exchange.xforce.ibmcloud.com/vulnerabilities/99624
https://www.exploit-db.com/exploits/5739
http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html
Exploit
http://secunia.com/advisories/30540
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/42856
https://exchange.xforce.ibmcloud.com/vulnerabilities/99624
https://www.exploit-db.com/exploits/5739

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:php-address_book:php-address_book:*:*:*:*:*:*:*:*

Версия до 3.1.5 (включая)

EPSS

Процентиль: 89%

0.0453

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-j4wm-6wrv-77w7

github

почти 4 года назад