Описание
Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerability in php/Access/Guest.php. The function exit will terminate the script and print the message to the user. The message will contain albumID which is controlled by the user.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Release NotesThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:lycheeorg:lychee:3.2.16:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00307
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
около 4 лет назад
Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerability in php/Access/Guest.php. The function exit will terminate the script and print the message to the user. The message will contain albumID which is controlled by the user.
EPSS
Процентиль: 53%
0.00307
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79