CVE-2013-5317

Опубликовано: 20 авг. 2013

Источник: nvd

CVSS2: 3.5

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the mode parameter to cms/index.php.

Ссылки

http://packetstormsecurity.com/files/122663/Rite-CMS-1.0.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
Exploit
http://www.exploit-db.com/exploits/27315
Exploit
http://www.securityfocus.com/bid/61587
https://exchange.xforce.ibmcloud.com/vulnerabilities/86194
http://packetstormsecurity.com/files/122663/Rite-CMS-1.0.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
Exploit
http://www.exploit-db.com/exploits/27315
Exploit
http://www.securityfocus.com/bid/61587
https://exchange.xforce.ibmcloud.com/vulnerabilities/86194

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ritecms:ritecms:1.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00405

Низкий

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-mfhw-fvhp-65f7

github

больше 3 лет назад