CVE-2014-100036

Опубликовано: 13 янв. 2015

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter to the default URI.

Ссылки

http://secunia.com/advisories/57808
https://exchange.xforce.ibmcloud.com/vulnerabilities/92538
https://github.com/evacchi/flatpress/issues/14
https://www.netsparker.com/critical-xss-vulnerabilities-in-flatpress/
Exploit
http://secunia.com/advisories/57808
https://exchange.xforce.ibmcloud.com/vulnerabilities/92538
https://github.com/evacchi/flatpress/issues/14
https://www.netsparker.com/critical-xss-vulnerabilities-in-flatpress/
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:flatpress:flatpress:1.0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 49%

0.00256

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2014-100036

debian

около 11 лет назад

Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows rem ...

GHSA-6cwx-qfcm-q3qc

github

больше 3 лет назад