CVE-2014-5259

Опубликовано: 12 сент. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in cattranslate.php in the CatTranslate JQuery plugin in BlackCat CMS 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

Ссылки

http://forum.blackcat-cms.org/viewtopic.php?f=2&t=263
Patch
http://packetstormsecurity.com/files/128141/BlackCat-CMS-1.0.3-Cross-Site-Scripting.html
Exploit
http://www.securityfocus.com/archive/1/533336/100/0/threaded
http://www.securityfocus.com/bid/69551
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/95717
https://www.htbridge.com/advisory/HTB23228
Exploit
http://forum.blackcat-cms.org/viewtopic.php?f=2&t=263
Patch
http://packetstormsecurity.com/files/128141/BlackCat-CMS-1.0.3-Cross-Site-Scripting.html
Exploit
http://www.securityfocus.com/archive/1/533336/100/0/threaded
http://www.securityfocus.com/bid/69551
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/95717
https://www.htbridge.com/advisory/HTB23228
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:blackcat-cms:blackcat_cms:*:*:*:*:*:*:*:*

Версия до 1.0.3 (включая)

EPSS

Процентиль: 61%

0.00421

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-h855-j8m9-xmxj

github

больше 3 лет назад