Lucene search

[email protected]CVE-2015-1058

HistoryJan 16, 2015 - 3:59 p.m.

CVE-2015-1058

2015-01-1615:59:07

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-1058

xss

adaptcms 3.0.3

vulnerability

web script

html

remote attackers

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Category][title] parameter to admin/categories/add, (2) data[Field][title] parameter to admin/fields/ajax_fields/, (3) name property in a basicInfo JSON object to admin/tools/create_theme, (4) data[Link][link_title] parameter to admin/links/links/add, or (5) data[ForumTopic][subject] parameter to forums/off-topic/new.

Affected configurations

NVD

Node

insanevisionsadaptcmsMatch3.0.3

CPENameOperatorVersion
insanevisions:adaptcmsinsanevisions adaptcmseq3.0.3

CPE	Name	Operator	Version
insanevisions:adaptcms	insanevisions adaptcms	eq	3.0.3

References

osvdb.org/show/osvdb/116716

osvdb.org/show/osvdb/116717

osvdb.org/show/osvdb/116718

osvdb.org/show/osvdb/116719

osvdb.org/show/osvdb/116720

packetstormsecurity.com/files/129812/AdaptCMS-3.0.3-Cross-Site-Scripting.html

www.exploit-db.com/exploits/35710

www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5218.php

exchange.xforce.ibmcloud.com/vulnerabilities/99617

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.4%

JSON

Related for CVE-2015-1058

cvelist1 nvd1 zeroscience1 prion1