CVE-2013-4884

Опубликовано: 21 янв. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded sequences in a server response, which is not properly handled in the SuperScan HTML report.

Ссылки

http://seclists.org/fulldisclosure/2013/Aug/68
Exploit
http://www.exploit-db.com/exploits/27406
Exploit
http://www.securityfocus.com/bid/61640
https://exchange.xforce.ibmcloud.com/vulnerabilities/86257
https://kc.mcafee.com/corporate/index?page=content&id=KB78992
Vendor Advisory
https://www.trustwave.com/spiderlabs/advisories/TWSL2013-024.txt
Exploit
http://seclists.org/fulldisclosure/2013/Aug/68
Exploit
http://www.exploit-db.com/exploits/27406
Exploit
http://www.securityfocus.com/bid/61640
https://exchange.xforce.ibmcloud.com/vulnerabilities/86257
https://kc.mcafee.com/corporate/index?page=content&id=KB78992
Vendor Advisory
https://www.trustwave.com/spiderlabs/advisories/TWSL2013-024.txt
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mcafee:superscan:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02637

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-vw34-99x5-jpc2

github

больше 3 лет назад