CVE-2017-16884

Опубликовано: 07 дек. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts.

Ссылки

http://hyp3rlinx.altervista.org/advisories/MIST-SERVER-v2.12-UNAUTHENTICATED-PERSISTENT-XSS-CVE-2017-16884.txt
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/145182/MistServer-2.12-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2017/Dec/2
Exploit
Mailing List
Third Party Advisory
https://news.mistserver.org/news/78/Stable+release+2.13+now+available%21
Release Notes
https://www.exploit-db.com/exploits/43205/
Exploit
Third Party Advisory
VDB Entry
http://hyp3rlinx.altervista.org/advisories/MIST-SERVER-v2.12-UNAUTHENTICATED-PERSISTENT-XSS-CVE-2017-16884.txt
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/145182/MistServer-2.12-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2017/Dec/2
Exploit
Mailing List
Third Party Advisory
https://news.mistserver.org/news/78/Stable+release+2.13+now+available%21
Release Notes
https://www.exploit-db.com/exploits/43205/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mistserver:mistserver:*:*:*:*:*:*:*:*

Версия до 2.13 (исключая)

EPSS

Процентиль: 91%

0.06199

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-wvhw-9fw6-7x78