CVE-2010-1497

Опубликовано: 23 апр. 2010

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in download_proc.php in dl_stats before 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Ссылки

http://packetstormsecurity.org/1004-exploits/dlstats-sqlxssadmin.txt
Exploit
http://secunia.com/advisories/39496
Vendor Advisory
http://www.exploit-db.com/exploits/12280
Exploit
http://www.osvdb.org/63909
http://www.securityfocus.com/bid/39592
Exploit
http://www.vupen.com/english/advisories/2010/0939
Vendor Advisory
http://www.xenuser.org/2010/04/18/dl_stats-multiple-vulnerabilities-sqli-xss-unprotected-admin-panel/
http://www.xenuser.org/documents/security/dl_stats_multiple_vulnerabilities.txt
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/57918
http://packetstormsecurity.org/1004-exploits/dlstats-sqlxssadmin.txt
Exploit
http://secunia.com/advisories/39496
Vendor Advisory
http://www.exploit-db.com/exploits/12280
Exploit
http://www.osvdb.org/63909
http://www.securityfocus.com/bid/39592
Exploit
http://www.vupen.com/english/advisories/2010/0939
Vendor Advisory
http://www.xenuser.org/2010/04/18/dl_stats-multiple-vulnerabilities-sqli-xss-unprotected-admin-panel/
http://www.xenuser.org/documents/security/dl_stats_multiple_vulnerabilities.txt
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/57918

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:clausvb:dl_stats:1.2:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04701

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-82vp-cv9f-7fjj

github

больше 3 лет назад