Описание
Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.php, (5) gal parameter to gallery.php, and the (6) URL to admin/login.php.
Ссылки
- PatchVendor Advisory
- Vendor Advisory
- Patch
- PatchVendor Advisory
- Vendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 1.10.2 (включая)
Одно из
cpe:2.3:a:mozilo:mozilocms:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilo:mozilocms:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilo:mozilocms:1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilo:mozilocms:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilo:mozilocms:1.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilo:mozilocms:1.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilo:mozilocms:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilo:mozilocms:1.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilo:mozilocms:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilo:mozilocms:1.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilo:mozilocms:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilo:mozilocms:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilo:mozilocms:1.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilo:mozilocms:1.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilo:mozilocms:1.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilo:mozilocms:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilo:mozilocms:1.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilo:mozilocms:1.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilo:mozilocms:1.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilo:mozilocms:1.10.1:*:*:*:*:*:*:*
EPSS
Процентиль: 57%
0.00357
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.php, (5) gal parameter to gallery.php, and the (6) URL to admin/login.php.
EPSS
Процентиль: 57%
0.00357
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79