CVE-2016-5060

Опубликовано: 13 дек. 2016

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save.

Ссылки

http://packetstormsecurity.com/files/137469/nGrinder-3.3-Cross-Site-Scripting.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2016/Jun/23
Third Party Advisory
VDB Entry
https://github.com/naver/ngrinder/issues/103
Patch
Vendor Advisory
https://github.com/naver/ngrinder/releases/tag/ngrinder-3.4-20160525
Release Notes
http://packetstormsecurity.com/files/137469/nGrinder-3.3-Cross-Site-Scripting.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2016/Jun/23
Third Party Advisory
VDB Entry
https://github.com/naver/ngrinder/issues/103
Patch
Vendor Advisory
https://github.com/naver/ngrinder/releases/tag/ngrinder-3.4-20160525
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:naver:ngrinder:*:*:*:*:*:*:*:*

Версия до 3.3 (включая)

EPSS

Процентиль: 66%

0.00506

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-7h5w-jxqm-62j3