exploitDog

CVE-2015-2982

Опубликовано: 22 авг. 2015

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified input to admin.php.

Ссылки

http://jvn.jp/en/jp/JVN69175956/index.html
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000113
Vendor Advisory
http://www.php-factory.net/trivia/16.php
Vendor Advisory
http://jvn.jp/en/jp/JVN69175956/index.html
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000113
Vendor Advisory
http://www.php-factory.net/trivia/16.php
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:php_kobo:photo_gallery_cms_free:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:php_kobo:photo_gallery_cms_free:1.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00322

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-xxhc-wx4f-q7f9

github

около 3 лет назад

Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified input to admin.php.

EPSS

Процентиль: 55%

0.00322

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79