CVE-2008-6097

Опубликовано: 09 фев. 2009

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before 1.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to index.php/Special/Main/keywordSearch, (2) revNum parameter to index.php/Edit/Main/Home, (3) to parameter to index.php/Special/Main/WhatLinksHere, (4) user parameter to index.php/Special/Main/UserEdits, and (5) the PATH_INFO to index.php.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:wikyblog:wikyblog:*:*:*:*:*:*:*:*

Версия до 1.7 (включая)

cpe:2.3:a:wikyblog:wikyblog:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.2.3:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.4:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.4.3:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.4.4:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.4.5:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.4.6:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.4.7:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.4.8:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.4.9:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.4.10:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.4.11:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.4.12:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.4.13:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.4.14:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.4.15:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.5:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.5.3:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.5.4:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.5.5:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.5.6:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.5.7:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.5.7.2:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.5.7.3:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.5.7.4:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.6:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.6.1.2:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.6.1.3:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.6.1.4:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.6.1.5:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.6.1.6:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.6.1.7:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.6b1:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.6b2:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.6b3:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.7:rc1:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.7:rc2:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.7:rc3:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.7.1:rc1:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.7.1:rc2:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.7.1.1:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.7.1b1:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.7.1b2:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.7b1:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.7b2:*:*:*:*:*:*:*

cpe:2.3:a:wikyblog:wikyblog:1.7b3:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00313

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-6xrf-hmv4-8vwv

github

больше 3 лет назад