exploitDog

CVE-2018-16736

Опубликовано: 09 сент. 2018

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings).

Ссылки

https://github.com/eagle00789/RC_Filters/issues/19
Third Party Advisory
https://github.com/roundcube/roundcubemail/issues/6437
Third Party Advisory
https://www.exploit-db.com/exploits/45437/
Exploit
Third Party Advisory
VDB Entry
https://github.com/eagle00789/RC_Filters/issues/19
Third Party Advisory
https://github.com/roundcube/roundcubemail/issues/6437
Third Party Advisory
https://www.exploit-db.com/exploits/45437/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rcfilters_project:rcfilters:2.1.6:*:*:*:*:roundcube:*:*

EPSS

Процентиль: 46%

0.00232

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-4j7w-9crq-35q7

CVSS3: 5.4

github

больше 3 лет назад

In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings).

EPSS

Процентиль: 46%

0.00232

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79