CVE-2009-2114

Опубликовано: 18 июн. 2009

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in SkyBlueCanvas 1.1 r237 allow remote attackers to inject arbitrary web script or HTML via the (1) mgroup, (2) mgr, (3) objtype, (4) id, and (5) dir parameters.

Ссылки

http://forum.intern0t.net/intern0t-advisories/1120-intern0t-skybluecanvas-1-1-r237-multiple-vulnerabilities.html
Exploit
http://osvdb.org/55115
Exploit
http://secunia.com/advisories/35478
Vendor Advisory
http://www.securityfocus.com/archive/1/504302/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/51165
http://forum.intern0t.net/intern0t-advisories/1120-intern0t-skybluecanvas-1-1-r237-multiple-vulnerabilities.html
Exploit
http://osvdb.org/55115
Exploit
http://secunia.com/advisories/35478
Vendor Advisory
http://www.securityfocus.com/archive/1/504302/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/51165

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:skybluecanvas:skybluecanvas:1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01142

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-pwhc-6vjg-8jh2

github

почти 4 года назад