CVE-2014-5188

Опубликовано: 07 авг. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in doemailpassword.tml in Lyris ListManager (LM) 8.95a allows remote attackers to inject arbitrary web script or HTML via the EmailAddr parameter.

Ссылки

http://packetstormsecurity.com/files/127672/Lyris-ListManagerWeb-8.95a-Cross-Site-Scripting.html
Exploit
http://www.securityfocus.com/bid/68973
Exploit
http://xerosecurity.com/?p=94
https://exchange.xforce.ibmcloud.com/vulnerabilities/95024
http://packetstormsecurity.com/files/127672/Lyris-ListManagerWeb-8.95a-Cross-Site-Scripting.html
Exploit
http://www.securityfocus.com/bid/68973
Exploit
http://xerosecurity.com/?p=94
https://exchange.xforce.ibmcloud.com/vulnerabilities/95024

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lyris:list_manager:8.95a:*:*:*:*:*:*:*

EPSS

Процентиль: 49%

0.00256

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-qw8x-fr9x-f4rg

github

больше 3 лет назад