6.2 Medium
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.031 Low
EPSS
Percentile
91.0%
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq.php, or (11) emailnews.php.
www.osvdb.org/7495
www.osvdb.org/7496
www.osvdb.org/7497
www.osvdb.org/7498
www.osvdb.org/7499
www.osvdb.org/7500
www.osvdb.org/7501
www.osvdb.org/7502
www.osvdb.org/7503
www.osvdb.org/7504
www.osvdb.org/7505
www.securityfocus.com/archive/1/306206
www.securityfocus.com/bid/6571
exchange.xforce.ibmcloud.com/vulnerabilities/11050