exploitDog

CVE-2012-4771

Опубликовано: 22 окт. 2012

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2) admin/manage/, or (3) admin/manage/blocks/edit/; or (4) group parameter to admin/configuration/. NOTE: The f[accounts][fullname] and f[accounts][username] vectors are covered in CVE-2012-5452.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:intelliants:subrion_cms:*:*:*:*:*:*:*:*

Версия до 2.2.2 (включая)

cpe:2.3:a:intelliants:subrion_cms:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:intelliants:subrion_cms:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:intelliants:subrion_cms:2.2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.07843

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-fg2m-gv83-m3q7

github

больше 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2) admin/manage/, or (3) admin/manage/blocks/edit/; or (4) group parameter to admin/configuration/. NOTE: The f[accounts][fullname] and f[accounts][username] vectors are covered in CVE-2012-5452.

EPSS

Процентиль: 92%

0.07843

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79