CVE-2010-4264

Опубликовано: 22 июн. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side.

Ссылки

https://github.com/vanilla/vanilla/commit/4535a059e4e24ca11a2ef0b4d754f262398bcece
Patch
Third Party Advisory
https://seclists.org/oss-sec/2010/q4/282
Mailing List
Third Party Advisory
https://github.com/vanilla/vanilla/commit/4535a059e4e24ca11a2ef0b4d754f262398bcece
Patch
Third Party Advisory
https://seclists.org/oss-sec/2010/q4/282
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vanillaforums:vanilla_forums:*:*:*:*:*:*:*:*

Версия до 2.0.10 (исключая)

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-94c2-rg8m-c4ch

github

почти 4 года назад