exploitDog

CVE-2018-10366

Опубликовано: 25 апр. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in the Users (aka Front-end user management) plugin 1.4.5 for October CMS. XSS exists in the name field.

Ссылки

https://github.com/rainlab/user-plugin/commit/098c2bc907443d67e9e18645f850e3de42941d20
Patch
Third Party Advisory
https://www.exploit-db.com/exploits/44546/
Exploit
Third Party Advisory
VDB Entry
https://github.com/rainlab/user-plugin/commit/098c2bc907443d67e9e18645f850e3de42941d20
Patch
Third Party Advisory
https://www.exploit-db.com/exploits/44546/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:user_project:user:1.4.5:*:*:*:*:octobercms:*:*

EPSS

Процентиль: 65%

0.00482

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-x5jc-34xf-c24q

CVSS3: 6.1

github

больше 3 лет назад

User Plugin for October CSS Allows XSS

EPSS

Процентиль: 65%

0.00482

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79