Lucene search

K
cve[email protected]CVE-2015-5612
HistorySep 04, 2015 - 3:59 p.m.

CVE-2015-5612

2015-09-0415:59:01
CWE-79
web.nvd.nist.gov
21
cve-2015-5612
xss vulnerability
october cms
web script injection
html injection

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.3%

Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image.

Affected configurations

NVD
Node
octobercmsoctoberMatch-

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.3%

Related for CVE-2015-5612