CVE-2021-45281

Опубликовано: 07 фев. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerability at "adminuseredit.php?usertoedit=XSS", as the user supplied input for the value of this parameter is not properly sanitized.

Ссылки

https://websec.nl/blog/61b2b37a43a1155c848f3b08/developing%20a%20remote%20code%20execution%20exploit%20for%20a%20popular%20media%20box
Exploit
Third Party Advisory
https://websec.nl/blog/61b2b37a43a1155c848f3b08/developing%20a%20remote%20code%20execution%20exploit%20for%20a%20popular%20media%20box
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:quickbox:quickbox:2.4.8:*:*:*:pro:*:*:*

cpe:2.3:a:quickbox:quickbox:2.5.8:*:*:*:community:*:*:*

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-h3fq-ch85-9fxj

github

почти 4 года назад