exploitDog

CVE-2010-1464

Опубликовано: 16 апр. 2010

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in WebAsyst Shop-Script FREE allow remote attackers to inject arbitrary web script or HTML via the (1) currency_id_left, (2) currency_id_right, (3) darkcolor, (4) lightcolor, (5) middlecolor, and (6) w parameters.

Ссылки

http://www.securityfocus.com/archive/1/510741/100/0/threaded
http://www.vupen.com/english/advisories/2010/0882
Vendor Advisory
http://www.vupen.com/english/research-web.php
Vendor Advisory
http://www.securityfocus.com/archive/1/510741/100/0/threaded
http://www.vupen.com/english/advisories/2010/0882
Vendor Advisory
http://www.vupen.com/english/research-web.php
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:webasyst:shop-script:-:-:free:*:*:*:*:*

EPSS

Процентиль: 55%

0.00322

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-cq2c-xv58-j963

github

почти 4 года назад

Multiple cross-site scripting (XSS) vulnerabilities in WebAsyst Shop-Script FREE allow remote attackers to inject arbitrary web script or HTML via the (1) currency_id_left, (2) currency_id_right, (3) darkcolor, (4) lightcolor, (5) middlecolor, and (6) w parameters.

EPSS

Процентиль: 55%

0.00322

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79