Lucene search

[email protected]CVE-2015-0950

HistoryApr 05, 2015 - 1:59 a.m.

CVE-2015-0950

2015-04-0501:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-0950

cross-site scripting

xss

vulnerability

x-cart 5.1.6

x-cart 5.1.10

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

58.6%

JSON

Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter.

CPENameOperatorVersion
qualiteam:x-cartqualiteam x-carteq5.1.7
qualiteam:x-cartqualiteam x-carteq5.1.9
qualiteam:x-cartqualiteam x-carteq5.1.6
qualiteam:x-cartqualiteam x-carteq5.1.10
qualiteam:x-cartqualiteam x-carteq5.1.8

CPE	Name	Operator	Version
qualiteam:x-cart	qualiteam x-cart	eq	5.1.7
qualiteam:x-cart	qualiteam x-cart	eq	5.1.9
qualiteam:x-cart	qualiteam x-cart	eq	5.1.6
qualiteam:x-cart	qualiteam x-cart	eq	5.1.10
qualiteam:x-cart	qualiteam x-cart	eq	5.1.8

References

www.kb.cert.org/vuls/id/924124

blog.x-cart.com/5-1-11-released.html

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

58.6%

JSON

Related for CVE-2015-0950

cvelist1 prion1 cert1