CVE-2017-12906

Опубликовано: 07 сент. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php.

Ссылки

http://loid.online/cve/cve.txt
Exploit
Third Party Advisory
URL Repurposed
http://www.sstrunk.com/cve/confirm_resend.html
Third Party Advisory
http://loid.online/cve/cve.txt
Exploit
Third Party Advisory
URL Repurposed
http://www.sstrunk.com/cve/confirm_resend.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nexusphp_project:nexusphp:1.5:beta5.20120707:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.00238

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-7665-39qh-j8m6