exploitDog

CVE-2019-9553

Опубликовано: 31 дек. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933.

Ссылки

https://packetstormsecurity.com/files/151943/Bold-CMS-3.6.4-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/46495
Exploit
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/151943/Bold-CMS-3.6.4-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/46495
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:boltcms:bolt:3.6.4:*:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.00993

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-2g23-qmmp-fvmr

CVSS3: 6.1

github

больше 3 лет назад

Bolt Cross-site Scripting via the slug, teaser or title parameters

EPSS

Процентиль: 76%

0.00993

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79