exploitDog

CVE-2018-7650

Опубликовано: 06 мар. 2018

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the "Add New" function for a Management User. Within the "Add New" section, the application does not sanitize user supplied input to the name parameter, and renders injected JavaScript code to the user's browser. This is different from CVE-2018-6878.

Ссылки

https://neetech18.blogspot.in/2018/03/stored-xss-vulnerability-in-hot-scripts.html
Exploit
Third Party Advisory
https://neetech18.blogspot.in/2018/03/stored-xss-vulnerability-in-hot-scripts.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hot_scripts_clone_project:hot_scripts_clone:3.1:*:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00235

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-j6wc-m838-f4g8

CVSS3: 4.8

github

больше 3 лет назад

PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the "Add New" function for a Management User. Within the "Add New" section, the application does not sanitize user supplied input to the name parameter, and renders injected JavaScript code to the user's browser. This is different from CVE-2018-6878.

EPSS

Процентиль: 46%

0.00235

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79