CVE-2009-2588

Опубликовано: 24 июл. 2009

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php.

Ссылки

http://osvdb.org/56167
http://osvdb.org/56168
http://osvdb.org/56169
http://packetstormsecurity.org/0907-exploits/hotscriptsclone-xss.txt
Exploit
http://secunia.com/advisories/35892
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1979
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/51911
http://osvdb.org/56167
http://osvdb.org/56168
http://osvdb.org/56169
http://packetstormsecurity.org/0907-exploits/hotscriptsclone-xss.txt
Exploit
http://secunia.com/advisories/35892
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1979
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/51911

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:resalecode:hotscripts_type_php_clone_script:-:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.01987

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-x9w7-hxvq-9xhr

github

почти 4 года назад