Lucene search

[email protected]CVE-2018-6878

HistoryOct 03, 2022 - 4:21 p.m.

CVE-2018-6878

2022-10-0316:21:47

CWE-79

[email protected]

web.nvd.nist.gov

cve-2018-6878

cross site scripting

xss

php scripts mall

hot scripts clone script

security vulnerability

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

18.0%

JSON

Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 via the title or description field.

Affected configurations

NVD

Node

hot_scripts_clone_projecthot_scripts_cloneMatch3.1

CPENameOperatorVersion
hot_scripts_clone_project:hot_scripts_clonehot scripts clone project hot scripts cloneeq3.1

CPE	Name	Operator	Version
hot_scripts_clone_project:hot_scripts_clone	hot scripts clone project hot scripts clone	eq	3.1

References

www.exploit-db.com/exploits/43991/

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

18.0%

JSON

Related for CVE-2018-6878

prion2 cvelist2 nvd2 cve1