Lucene search

[email protected]CVE-2015-8815

HistoryMar 03, 2017 - 4:59 p.m.

CVE-2015-8815

2017-03-0316:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-8815

umbraco

xss

cross-site scripting

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

50.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page.

Affected configurations

NVD

Node

umbracoumbracoRange≤7.3.8

CPENameOperatorVersion
umbraco:umbracoumbracole7.3.8

CPE	Name	Operator	Version
umbraco:umbraco	umbraco	le	7.3.8

References

issues.umbraco.org/issue/U4-7461

www.openwall.com/lists/oss-security/2016/02/16/10

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

50.9%

JSON

Related for CVE-2015-8815

prion1 cvelist1 nvd1