
exploitDog


CVE-2017-12439

Published: 05 Aug 2017
Source: nvd
CVSS3: 7.5
CVSS2: 5.1
EPSS: Low

Description

SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xml_path HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML configuration file. This has resultant content forgery, cross site scripting, and unvalidated redirection issues.

Vulnerable configurations

Configuration 1
cpe:2.3:a:socusoft:flash_slideshow_maker:*:*:*:*:*:*:*:*
Versions up to and including 5.20

EPSS

Percentile: 39%
0.00173
Low

7.5 High

CVSS3

5.1 Medium

CVSS2

Weaknesses

CWE-352

Related vulnerabilities

CVSS3: 7.5
github
more than 3 years ago

SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xml_path HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML configuration file. This has resultant content forgery, cross site scripting, and unvalidated redirection issues.
