exploitDog

CVE-2021-46030

Опубликовано: 19 янв. 2022

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

There is a Cross Site Scripting attack (XSS) vulnerability in JavaQuarkBBS <= v2. By entering specific statements into the background tag management module, the attack statement will be stored in the database, and the next victim will be attacked when he accesses the tag module.

Ссылки

https://github.com/ChinaLHR/JavaQuarkBBS/issues/23
Exploit
Issue Tracking
Third Party Advisory
https://github.com/ChinaLHR/JavaQuarkBBS/issues/23
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:javaquarkbbs_project:javaquarkbbs:*:*:*:*:*:*:*:*

Версия до 2 (включая)

EPSS

Процентиль: 41%

0.00191

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-mh9m-78f3-35jx

github

около 4 лет назад

There is a Cross Site Scripting attack (XSS) vulnerability in JavaQuarkBBS <= v2. By entering specific statements into the background tag management module, the attack statement will be stored in the database, and the next victim will be attacked when he accesses the tag module.

EPSS

Процентиль: 41%

0.00191

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79