CVE-2009-2595

Опубликовано: 24 июл. 2009

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in productSearch.html in Censura 2.0.4 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a ProductSearch action.

Ссылки

http://secunia.com/advisories/35795
Vendor Advisory
http://www.censura.info/forums/project.php?issueid=151
Vendor Advisory
http://www.censura.info/forums/showthread.php?t=969
Vendor Advisory
http://www.osvdb.org/55791
http://www.securityfocus.com/bid/35920
https://exchange.xforce.ibmcloud.com/vulnerabilities/51665
http://secunia.com/advisories/35795
Vendor Advisory
http://www.censura.info/forums/project.php?issueid=151
Vendor Advisory
http://www.censura.info/forums/showthread.php?t=969
Vendor Advisory
http://www.osvdb.org/55791
http://www.securityfocus.com/bid/35920
https://exchange.xforce.ibmcloud.com/vulnerabilities/51665

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:censura:censura:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:censura:censura:2.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00844

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-44vw-5m8p-p6fc

github

почти 4 года назад