Описание
Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a picture.
Ссылки
- Patch
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- Patch
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.7.7 (включая)
Одно из
cpe:2.3:a:4homepages:4images:*:*:*:*:*:*:*:*
cpe:2.3:a:4homepages:4images:1.0:rc-1:*:*:*:*:*:*
cpe:2.3:a:4homepages:4images:1.0:rc-2:*:*:*:*:*:*
cpe:2.3:a:4homepages:4images:1.5:*:*:*:*:*:*:*
cpe:2.3:a:4homepages:4images:1.6:*:*:*:*:*:*:*
cpe:2.3:a:4homepages:4images:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:4homepages:4images:1.7:*:*:*:*:*:*:*
cpe:2.3:a:4homepages:4images:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:4homepages:4images:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:4homepages:4images:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:4homepages:4images:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:4homepages:4images:1.7.5:*:*:*:*:*:*:*
cpe:2.3:a:4homepages:4images:1.7.6:*:*:*:*:*:*:*
EPSS
Процентиль: 79%
0.01289
Низкий
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
почти 4 года назад
Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a picture.
EPSS
Процентиль: 79%
0.01289
Низкий
3.5 Low
CVSS2
Дефекты
CWE-79