CVE-2021-32106

Опубликовано: 08 июн. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the _GET['replace'] variable. As a result, arbitrary Javascript code can get executed.

Ссылки

https://github.com/icecoder/ICEcoder
Product
Third Party Advisory
https://groups.google.com/g/icecoder/c/xcAc8_1UPxQ
Exploit
Third Party Advisory
https://prophaze.com/cve/icecoder-8-0-multipe-results-php-replace-cross-site-scripting/
Third Party Advisory
https://github.com/icecoder/ICEcoder
Product
Third Party Advisory
https://groups.google.com/g/icecoder/c/xcAc8_1UPxQ
Exploit
Third Party Advisory
https://prophaze.com/cve/icecoder-8-0-multipe-results-php-replace-cross-site-scripting/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:icecoder:icecoder:8.0:-:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.00237

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-jf9v-q8vh-3fmc

CVSS3: 5.4

github

больше 4 лет назад

Cross-site scripting in ICEcoder

BDU:2021-03306

CVSS3: 5.4

fstec

больше 4 лет назад

Уязвимость компонента multipe-results.php редактора кода в браузере ICEcoder,

EPSS

Процентиль: 47%

0.00237

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79