CVE-2008-5211

Опубликовано: 24 нояб. 2008

Источник: nvd

CVSS2: 2.6

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in search.php in Sphider 1.3.4, when the search suggestion feature is enabled, allows remote attackers to inject arbitrary web script or HTML via the query parameter, a different vector than CVE-2006-2506.

Ссылки

http://secunia.com/advisories/30082
Vendor Advisory
http://securityreason.com/securityalert/4629
http://users.own-hero.net/~decoder/advisories/sphider134-xss.txt
Exploit
http://www.securityfocus.com/archive/1/491712/100/0/threaded
http://www.securityfocus.com/bid/29074
https://exchange.xforce.ibmcloud.com/vulnerabilities/42240
http://secunia.com/advisories/30082
Vendor Advisory
http://securityreason.com/securityalert/4629
http://users.own-hero.net/~decoder/advisories/sphider134-xss.txt
Exploit
http://www.securityfocus.com/archive/1/491712/100/0/threaded
http://www.securityfocus.com/bid/29074
https://exchange.xforce.ibmcloud.com/vulnerabilities/42240

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sphider:sphider:1.3.4:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05083

Низкий

2.6 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-wcmq-9r4x-w336

github

больше 3 лет назад