CVE-2014-9522

Опубликовано: 05 янв. 2015

Источник: nvd

CVSS2: 4.3

EPSS Средний

Описание

Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php.

Ссылки

http://osvdb.org/show/osvdb/115944
http://packetstormsecurity.com/files/129586/CMS-Papoo-6.0.0-Revision-4701-Cross-Site-Scripting.html
Exploit
http://sroesemann.blogspot.de/2014/12/bericht-zu-advisory-sroeadv-2014-01.html
Exploit
http://www.exploit-db.com/exploits/35551
Exploit
http://www.securityfocus.com/archive/1/534243/100/0/threaded
http://www.securityfocus.com/bid/71676
http://osvdb.org/show/osvdb/115944
http://packetstormsecurity.com/files/129586/CMS-Papoo-6.0.0-Revision-4701-Cross-Site-Scripting.html
Exploit
http://sroesemann.blogspot.de/2014/12/bericht-zu-advisory-sroeadv-2014-01.html
Exploit
http://www.exploit-db.com/exploits/35551
Exploit
http://www.securityfocus.com/archive/1/534243/100/0/threaded
http://www.securityfocus.com/bid/71676

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:papoo:cms_papoo_light:6.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.10781

Средний

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-qwpw-7f3q-wc3q

github

больше 3 лет назад