Lucene search

K
cve[email protected]CVE-2016-1205
HistoryApr 28, 2016 - 1:59 a.m.

CVE-2016-1205

2016-04-2801:59:01
CWE-79
web.nvd.nist.gov
26
cve-2016-1205
cross-site scripting
xss
vulnerability
ec-cube
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

59.1%

Cross-site scripting (XSS) vulnerability in the shiro8 (1) category_freearea_ addition_plugin plugin 1.0 and (2) itemdetail_freearea_ addition_plugin plugin 1.0 for EC-CUBE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD
Node
shiro8category_freearea_additionMatch1.0ec-cube
OR
shiro8itemdetail_freearea_additionMatch1.0ec-cube
VendorProductVersionCPE
shiro8itemdetail_freearea_addition1.0cpe:/a:shiro8:itemdetail_freearea_addition:1.0:::
shiro8category_freearea_addition1.0cpe:/a:shiro8:category_freearea_addition:1.0:::

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

59.1%

Related for CVE-2016-1205