CVE-2016-4875

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Reference

http://jvn.jp/en/jp/JVN46087986/index.html
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000167.html
http://www.securityfocus.com/bid/93123
https://github.com/ivywe/geeklog-ivywe/commit/3cdb4ebca5746ff1e02b7e434d5722044d1d09d1
https://github.com/ivywe/geeklog-ivywe/commit/fe20a1bccdfec96125ab3d8dbee6ccbd0767c0be

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

21-04-2017 - 17:42

Objavljeno

14-04-2017 - 18:59