exploitDog

CVE-2015-4552

Опубликовано: 03 сент. 2015

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the content of a post.

Ссылки

http://adrianhayter.com/exploits.php
Exploit
http://blog.mybb.com/2015/05/27/mybb-1-8-5-1-6-17-merge-system-1-8-5-release/
Patch
Vendor Advisory
http://www.securitytracker.com/id/1033471
http://adrianhayter.com/exploits.php
Exploit
http://blog.mybb.com/2015/05/27/mybb-1-8-5-1-6-17-merge-system-1-8-5-release/
Patch
Vendor Advisory
http://www.securitytracker.com/id/1033471

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*

Версия до 1.8.4 (включая)

EPSS

Процентиль: 53%

0.00296

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-g8fq-wr59-j2hw

github

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the content of a post.

EPSS

Процентиль: 53%

0.00296

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79