Описание
tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:18.4:*:*:*:*:*:*:*
EPSS
Процентиль: 37%
0.00157
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
debian
больше 6 лет назад
tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to uplo ...
CVSS3: 5.4
github
больше 3 лет назад
tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.
EPSS
Процентиль: 37%
0.00157
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79