Lucene search
MitreCVE-2015-1373HistoryJan 27, 2015 - 8:04 p.m.
CVE-2015-1373
2015-01-2720:04:31
CWE-79
mitre
web.nvd.nist.gov
29
cve
2015
1373
xss
vulnerabilities
admin.php
ferretcms
remote attackers
web script
html
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.8
Confidence
High
EPSS
0.016
Percentile
87.8%
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter in a search request, (2) username in a login request, which is not properly handled when logging the event, or (3) page title in an insert action.
Affected configurations
Node
ferretcms_projectferretcmsMatch1.0.4alpha
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ferretcms_project | ferretcms | 1.0.4 | cpe:2.3:a:ferretcms_project:ferretcms:1.0.4:alpha:*:*:*:*:*:* |
Related
prion
prion
Cross site scripting
2015-01-27 20:04:00
nvd
nvd
CVE-2015-1373
2015-01-27 20:04:31
cvelist
cvelist
CVE-2015-1373
2015-01-27 17:00:00
exploitdb
exploitdb
ferretCMS 1.0.4-alpha - Multiple Vulnerabilities
2015-01-26 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.8
Confidence
High
EPSS
0.016
Percentile
87.8%
Related for CVE-2015-1373