Lucene search

[email protected]CVE-2016-2139

HistoryJul 28, 2022 - 3:15 p.m.

CVE-2016-2139

2022-07-2815:15:07

CWE-79

[email protected]

web.nvd.nist.gov

cve-2016-2139

kippo-graph

cross-site scripting

vulnerability

nvd

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

21.4%

JSON

In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in $file_link in class/KippoInput.class.php.

Affected configurations

Vulners

NVD

Node

kippo-graph_projectkippo-graphRange≤1.5.1

VendorProductVersionCPE
kippo\-graph_projectkippo\-graph*cpe:2.3:a:kippo\-graph_project:kippo\-graph:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
kippo\-graph_project	kippo\-graph	*	cpe:2.3:a:kippo\-graph_project:kippo\-graph::::::::

CNA Affected

[
  {
    "product": "kippo-graph",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "1.5.1"
      }
    ]
  }
]

References

github.com/ikoniaris/kippo-graph/commit/e6587ec598902763110b70c8bd0a72f7951b4997

github.com/ikoniaris/kippo-graph/issues/35

Social References

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

21.4%

JSON

Related for CVE-2016-2139

osv1 prion1 nvd1 cvelist1