CVE-2013-7277

Опубликовано: 08 янв. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to saa.php, (2) username parameter to login.php, or (3) keyword_list parameter to keysearch.php.

Ссылки

http://aphpkb.blogspot.dk/2013/12/release-of-aphpkb-0958.html
Patch
Vendor Advisory
http://osvdb.org/101467
Patch
http://osvdb.org/101491
http://osvdb.org/101492
http://secunia.com/advisories/56228
Vendor Advisory
http://sourceforge.net/p/aphpkb/code/91
Exploit
Patch
http://www.securityfocus.com/bid/64550
https://www.netsparker.com/critical-xss-vulnerabilities-andy-php-knowledgebase
http://aphpkb.blogspot.dk/2013/12/release-of-aphpkb-0958.html
Patch
Vendor Advisory
http://osvdb.org/101467
Patch
http://osvdb.org/101491
http://osvdb.org/101492
http://secunia.com/advisories/56228
Vendor Advisory
http://sourceforge.net/p/aphpkb/code/91
Exploit
Patch
http://www.securityfocus.com/bid/64550
https://www.netsparker.com/critical-xss-vulnerabilities-andy-php-knowledgebase

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:aphpkb:aphpkb:*:*:*:*:*:*:*:*

Версия до 0.95.7 (включая)

cpe:2.3:a:aphpkb:aphpkb:0.1:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.2:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.3:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.4:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.5:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.6:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.9:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.21:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.31:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.33:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.35:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.38:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.39:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.41:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.42:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.43:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.44:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.45:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.51:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.52:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.53:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.54:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.55:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.56:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.57:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.58:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.59:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.61:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.62:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.63:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.64:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.65:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.66:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.67:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.70:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.71:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.72:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.73:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.74:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.75:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.76:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.77:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.78:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.79:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.80:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.81:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.82:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.83:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.84:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.85:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.86:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.87:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.88:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.88.5:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.88.6:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.88.7:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.88.8:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.89:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.91:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.92:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.92.1:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.92.2:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.92.3:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.92.4:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.92.5:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.92.6:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.92.7:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.92.8:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.92.9:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.93.1:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.93.2:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.93.3:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.93.4:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.93.5:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.93.6:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.93.7:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.93.8:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.93.9:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.94.1:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.94.2:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.94.3:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.94.4:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.94.5:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.94.6:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.94.7:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.94.8:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.94.9:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.95:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.95.1:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.95.2:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.95.3:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.95.4:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.95.5:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.95.6:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.361:*:*:*:*:*:*:*

cpe:2.3:a:aphpkb:aphpkb:0.371:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00352

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-p3xr-h9wq-j6wv

github

больше 3 лет назад