CVE-2015-3296

Опубликовано: 21 сент. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs.

Ссылки

http://www.openwall.com/lists/oss-security/2015/04/10/10
Mailing List
Patch
Third Party Advisory
http://www.securityfocus.com/bid/71824
Third Party Advisory
VDB Entry
https://github.com/julianlam/nodebb-plugin-markdown/commit/ab7f2684750882f7baefbfa31db8d5aac71e6ec3
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/04/10/10
Mailing List
Patch
Third Party Advisory
http://www.securityfocus.com/bid/71824
Third Party Advisory
VDB Entry
https://github.com/julianlam/nodebb-plugin-markdown/commit/ab7f2684750882f7baefbfa31db8d5aac71e6ec3
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nodebb:nodebb:*:*:*:*:*:*:*:*

Версия до 0.6.1 (включая)

EPSS

Процентиль: 56%

0.00343

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-9g4f-5rpg-4948