CVE-2011-4565

Опубликовано: 28 нояб. 2011

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE tag within the message parameter to pmlite.php (aka Private Message). NOTE: some of these details are obtained from third party information.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:*

Версия до 2.5.1.a (включая)

cpe:2.3:a:xoops:xoops:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.13.2:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.14:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.14:rc1:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.15:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.16:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.17:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.17.1:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.17.1:rc:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.17.1:rc2:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.18:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.18:rc:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.18.1:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.18.1:rc:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.18.2:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.3.0:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.3.2a:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.3.2b:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.3.3b:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.4.0:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.4.2:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.4.3:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.4.4:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.4.5:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.5.0:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.5.1:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00475

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-g8j2-r6q8-f4m9

github

больше 3 лет назад