CVE-2019-7410

Опубликовано: 14 авг. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field).

Ссылки

https://github.com/jberger/Galileo/pull/55/files
Third Party Advisory
https://metacpan.org/changes/distribution/Galileo
Third Party Advisory
https://metamorfosec.com/Files/Advisories/METS-2020-002-A_Stored_XSS_Vulnerability_in_Galileo_CMS_v0.042.txt
Third Party Advisory
https://metamorfosec.com/Files/Commits/METC-2020-002-Escape_banner_in_Galileo_CMS_v0.042.txt
Patch
Third Party Advisory
https://github.com/jberger/Galileo/pull/55/files
Third Party Advisory
https://metacpan.org/changes/distribution/Galileo
Third Party Advisory
https://metamorfosec.com/Files/Advisories/METS-2020-002-A_Stored_XSS_Vulnerability_in_Galileo_CMS_v0.042.txt
Third Party Advisory
https://metamorfosec.com/Files/Commits/METC-2020-002-Escape_banner_in_Galileo_CMS_v0.042.txt
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:galileo_cms_project:galileo_cms:0.042:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00528

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-qwxc-7842-42p6

github

больше 3 лет назад