exploitDog

CVE-2018-5479

Опубликовано: 15 янв. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

FoxSash ImgHosting 1.5 (according to footer information) is vulnerable to XSS attacks. The affected function is its search engine via the search parameter to the default URI. Since there is an user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed.

Ссылки

https://www.exploit-db.com/exploits/43567/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/43567/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:foxsash:imghosting:1.5:*:*:*:*:*:*:*

EPSS

Процентиль: 49%

0.00259

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-vch2-j9w3-3gp8

CVSS3: 6.1

github

больше 3 лет назад

FoxSash ImgHosting 1.5 (according to footer information) is vulnerable to XSS attacks. The affected function is its search engine via the search parameter to the default URI. Since there is an user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed.

EPSS

Процентиль: 49%

0.00259

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79