Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2013-0807
HistoryMar 28, 2014 - 3:55 p.m.

CVE-2013-0807

2014-03-2815:55:08
CWE-79
mitre
web.nvd.nist.gov
25
xss
vulnerability
gpeasy cms
remote attackers
web script
html
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

74.5%

JSON

Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a new_section action to index.php.

Affected configurations

Nvd
Node
gpeasygpeasy_cmsRange3.5.2
OR
gpeasygpeasy_cmsMatch1.5
OR
gpeasygpeasy_cmsMatch1.5rc2
OR
gpeasygpeasy_cmsMatch1.5rc3
OR
gpeasygpeasy_cmsMatch1.5rc4
OR
gpeasygpeasy_cmsMatch1.6
OR
gpeasygpeasy_cmsMatch1.6rc1
OR
gpeasygpeasy_cmsMatch1.6rc2
OR
gpeasygpeasy_cmsMatch1.6rc3
OR
gpeasygpeasy_cmsMatch1.6rc4
OR
gpeasygpeasy_cmsMatch1.6rc5
OR
gpeasygpeasy_cmsMatch1.6.1
OR
gpeasygpeasy_cmsMatch1.6.2
OR
gpeasygpeasy_cmsMatch1.6.3
OR
gpeasygpeasy_cmsMatch2.0.1
OR
gpeasygpeasy_cmsMatch2.1
OR
gpeasygpeasy_cmsMatch2.2
OR
gpeasygpeasy_cmsMatch2.3
OR
gpeasygpeasy_cmsMatch2.3.1
OR
gpeasygpeasy_cmsMatch2.3.2
OR
gpeasygpeasy_cmsMatch2.3.3
OR
gpeasygpeasy_cmsMatch2.4
OR
gpeasygpeasy_cmsMatch3.0
OR
gpeasygpeasy_cmsMatch3.0.1
OR
gpeasygpeasy_cmsMatch3.0.2
OR
gpeasygpeasy_cmsMatch3.0.3
OR
gpeasygpeasy_cmsMatch3.0.4
OR
gpeasygpeasy_cmsMatch3.0.5
OR
gpeasygpeasy_cmsMatch3.5
OR
gpeasygpeasy_cmsMatch3.5.1
VendorProductVersionCPE
gpeasygpeasy_cms*cpe:2.3:a:gpeasy:gpeasy_cms:*:*:*:*:*:*:*:*
gpeasygpeasy_cms1.5cpe:2.3:a:gpeasy:gpeasy_cms:1.5:*:*:*:*:*:*:*
gpeasygpeasy_cms1.5cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc2:*:*:*:*:*:*
gpeasygpeasy_cms1.5cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc3:*:*:*:*:*:*
gpeasygpeasy_cms1.5cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc4:*:*:*:*:*:*
gpeasygpeasy_cms1.6cpe:2.3:a:gpeasy:gpeasy_cms:1.6:*:*:*:*:*:*:*
gpeasygpeasy_cms1.6cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc1:*:*:*:*:*:*
gpeasygpeasy_cms1.6cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc2:*:*:*:*:*:*
gpeasygpeasy_cms1.6cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc3:*:*:*:*:*:*
gpeasygpeasy_cms1.6cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc4:*:*:*:*:*:*
Rows per page:
1-10 of 301

Related

securityvulns 2
cvelist 1
htbridge 1
exploitdb 1
packetstorm 1
prion 1
nvd 1
securityvulns
securityvulns
Cross-Site Scripting (XSS) vulnerability in gpEasy
2013-01-28 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-01-28 00:00:00
cvelist
cvelist
CVE-2013-0807
2014-03-28 15:00:00
htbridge
htbridge
Cross-Site Scripting (XSS) vulnerability in gpEasy
2013-01-02 00:00:00
exploitdb
exploitdb
gpEasy CMS - 'section' Cross-Site Scripting
2013-01-23 00:00:00
packetstorm
packetstorm
gpEasy 3.5.2 Cross Site Scripting
2013-01-24 00:00:00
prion
prion
Cross site scripting
2014-03-28 15:55:00
nvd
nvd
CVE-2013-0807
2014-03-28 15:55:08

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

74.5%

JSON
Related for CVE-2013-0807
securityvulns2cvelist1htbridge1exploitdb1packetstorm1prion1nvd1