CVE-2015-7365

Опубликовано: 14 окт. 2015

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the plugin upgrade form in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of an uploaded file containing errors.

Ссылки

http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html
http://seclists.org/fulldisclosure/2015/Oct/32
http://www.revive-adserver.com/security/revive-sa-2015-001
Vendor Advisory
http://www.securityfocus.com/archive/1/536633/100/0/threaded
http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html
http://seclists.org/fulldisclosure/2015/Oct/32
http://www.revive-adserver.com/security/revive-sa-2015-001
Vendor Advisory
http://www.securityfocus.com/archive/1/536633/100/0/threaded

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*

Версия до 3.2.1 (включая)

EPSS

Процентиль: 49%

0.00256

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-63fc-gfcm-9g58

github

больше 3 лет назад