exploitDog

CVE-2018-1999021

Опубликовано: 23 июл. 2018

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting (XSS) vulnerability in Profile page that can result in Inject arbitrary web script or HTML via the profile page editor. This attack appear to be exploitable via The victim must navigate to the attacker's profile page.

Ссылки

https://github.com/gleez/cms/issues/797
Exploit
Third Party Advisory
https://github.com/gleez/cms/issues/797
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gleeztech:gleezcms:1.3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00206

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-q9g7-pff4-548r

CVSS3: 5.4

github

больше 3 лет назад

Gleez Cms Cross-site Scripting in Profile Page

EPSS

Процентиль: 43%

0.00206

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79