exploitDog

CVE-2020-13427

Опубликовано: 22 июн. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user via the user_name, user_firstname, or user_lastname parameter.

Ссылки

https://github.com/VictorAlagwu/CMSsite/commits/master
Patch
Third Party Advisory
https://www.exploit-db.com/exploits/48511
Exploit
Third Party Advisory
VDB Entry
https://github.com/VictorAlagwu/CMSsite/commits/master
Patch
Third Party Advisory
https://www.exploit-db.com/exploits/48511
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:victorcms_project:victorcms:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00234

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-6r4p-v25c-h9rx

github

больше 3 лет назад

Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user via the user_name, user_firstname, or user_lastname parameter.

EPSS

Процентиль: 46%

0.00234

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79