Описание
Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-previouscolorsjs.php in the FlexCMS 2.5 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the PreviousColorsString parameter.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:flexcms:flexcms:2.0:*:*:*:*:*:*:*
cpe:2.3:a:flexcms:flexcms:2.5:*:*:*:*:*:*:*
EPSS
Процентиль: 86%
0.02903
Низкий
2.6 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
почти 4 года назад
Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-previouscolorsjs.php in the FlexCMS 2.5 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the PreviousColorsString parameter.
EPSS
Процентиль: 86%
0.02903
Низкий
2.6 Low
CVSS2
Дефекты
CWE-79