exploitDog

CVE-2014-2890

Опубликовано: 22 апр. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the wrap_html function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_error parameter to MyID.config.php when the openid.mode parameter is set to error, which is not properly handled in an error message.

Ссылки

http://seclists.org/oss-sec/2014/q2/122
Exploit
http://seclists.org/oss-sec/2014/q2/141
Exploit
http://www.securityfocus.com/bid/66665
Exploit
http://seclists.org/oss-sec/2014/q2/122
Exploit
http://seclists.org/oss-sec/2014/q2/141
Exploit
http://www.securityfocus.com/bid/66665
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:siege:phpmyid:0.9:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00359

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2014-2890

debian

почти 12 лет назад

Cross-site scripting (XSS) vulnerability in the wrap_html function in ...

GHSA-pjqf-6qwc-8vqv

github

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the wrap_html function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_error parameter to MyID.config.php when the openid.mode parameter is set to error, which is not properly handled in an error message.

EPSS

Процентиль: 58%

0.00359

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79