CVE-2008-3560

Опубликовано: 08 авг. 2008

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in kshop_search.php in the Kshop module 2.22 for Xoops allows remote attackers to inject arbitrary web script or HTML via the search parameter.

Ссылки

http://downloads.securityfocus.com/vulnerabilities/exploits/30576.html
Exploit
http://lostmon.blogspot.com/2008/08/kshop-module-search-variable-and-field.html
http://secunia.com/advisories/31402
Vendor Advisory
http://www.securityfocus.com/bid/30576
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/44261
http://downloads.securityfocus.com/vulnerabilities/exploits/30576.html
Exploit
http://lostmon.blogspot.com/2008/08/kshop-module-search-variable-and-field.html
http://secunia.com/advisories/31402
Vendor Advisory
http://www.securityfocus.com/bid/30576
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/44261

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:xoops:kshop_module:2.22:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02524

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-m6m5-v2j5-7rhr

github

почти 4 года назад