Описание
A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Third Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:textpattern:textpattern:4.9.0:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00228
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
debian
больше 4 лет назад
A persistent cross-site scripting vulnerability was discovered in the ...
github
больше 3 лет назад
A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page.
EPSS
Процентиль: 45%
0.00228
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79