CVE-2015-0553

Опубликовано: 21 янв. 2015

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 SP3 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter.

Ссылки

http://packetstormsecurity.com/files/130008/CMS-Websitebaker-2.8.3-SP3-Cross-Site-Scripting.html
Exploit
http://seclists.org/fulldisclosure/2015/Jan/70
Exploit
http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-03.html
Exploit
http://sroesemann.blogspot.de/2015/01/sroeadv-2015-03_4.html
Exploit
http://www.securityfocus.com/bid/72104
Exploit
https://twitter.com/sroesemann/status/555397239229911040
Exploit
http://packetstormsecurity.com/files/130008/CMS-Websitebaker-2.8.3-SP3-Cross-Site-Scripting.html
Exploit
http://seclists.org/fulldisclosure/2015/Jan/70
Exploit
http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-03.html
Exploit
http://sroesemann.blogspot.de/2015/01/sroeadv-2015-03_4.html
Exploit
http://www.securityfocus.com/bid/72104
Exploit
https://twitter.com/sroesemann/status/555397239229911040
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:websitebaker:websitebaker:2.8.3:sp3:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00572

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-fpwq-w33p-2825

github

больше 3 лет назад