Описание
Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index.
Ссылки
- Exploit
- Vendor Advisory
- Exploit
- ExploitPatch
- ExploitPatch
- ExploitPatch
- Exploit
- Vendor Advisory
- Exploit
- ExploitPatch
- ExploitPatch
- ExploitPatch
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:fork-cms:fork_cms:3.2.4:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.07974
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index.
EPSS
Процентиль: 92%
0.07974
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79