CVE-2018-15582

Опубликовано: 26 апр. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross-Site Scripting (XSS) vulnerability in adm/sms_admin/num_book_write.php and adm/sms_admin/num_book_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.

Ссылки

https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-72e9a967d5cebb96734e6f6984091e66
Patch
Third Party Advisory
https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-737f14a5f5bdad53c5ce9b3ec628bf6d
Patch
Third Party Advisory
https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-72e9a967d5cebb96734e6f6984091e66
Patch
Third Party Advisory
https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-737f14a5f5bdad53c5ce9b3ec628bf6d
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*

Версия до 5.3.1.6 (исключая)

EPSS

Процентиль: 47%

0.00238

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-4fj9-484j-694c