2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
6 Medium
AI Score
Confidence
High
0.026 Low
EPSS
Percentile
90.3%
Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pass and (2) pass2 parameters in (a) add.php or the (3) id parameter in (b) members/index.php.
CPE | Name | Operator | Version |
---|---|---|---|
top_xl:top_xl | top xl | le | 1.1 |
top_xl:top_xl | top xl | eq | 1.0 |
secunia.com/advisories/21145
securityreason.com/securityalert/1267
securitytracker.com/id?1016548
www.majorsecurity.de/advisory/major_rls22.txt
www.osvdb.org/27413
www.osvdb.org/27414
www.securityfocus.com/archive/1/440652/100/0/threaded
www.securityfocus.com/archive/1/440889/100/100/threaded
www.securityfocus.com/bid/19098
www.vupen.com/english/advisories/2006/2914
exchange.xforce.ibmcloud.com/vulnerabilities/27880