Lucene search

[email protected]CVE-2015-1052

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2015-1052

2022-10-0316:15:50

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-1052

xss

phpkit

web script injection

html injection

nvd

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.013 Low

EPSS

Percentile

86.1%

JSON

Cross-site scripting (XSS) vulnerability in the poll archive in PHPKIT 1.6.6 (Build 160014) allows remote attackers to inject arbitrary web script or HTML via the result parameter to upload_files/pk/include.php.

Affected configurations

NVD

Node

phpkitphpkitMatch1.6.6

CPENameOperatorVersion
phpkit:phpkitphpkiteq1.6.6

CPE	Name	Operator	Version
phpkit:phpkit	phpkit	eq	1.6.6

References

packetstormsecurity.com/files/129917/CMS-PHPKit-WCMS-1.6.6-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2015/Jan/25

sroesemann.blogspot.de/2014/12/sroeadv-2014-07.html

sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-07.html

www.securityfocus.com/bid/72001

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.013 Low

EPSS

Percentile

86.1%

JSON

Related for CVE-2015-1052

cvelist1 prion1 nvd1