Описание
Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) index.php and (2) loader.php.
Ссылки
- Broken Link
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Not Applicable
- ExploitMailing ListThird Party Advisory
- Broken Link
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Not Applicable
- ExploitMailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:muze:ariadne:2.7.6:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.0097
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
почти 4 года назад
Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) index.php and (2) loader.php.
EPSS
Процентиль: 76%
0.0097
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79