Lucene search

K
cve[email protected]CVE-2019-25093
HistoryJan 02, 2023 - 11:15 a.m.

CVE-2019-25093

2023-01-0211:15:10
CWE-79
web.nvd.nist.gov
19
cve-2019-25093
vulnerability
cross site scripting
dragonexpert recent threads on index
security
nvd
patch
remote attack

3.3 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:M/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

25.3%

A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip leads to cross site scripting. It is possible to launch the attack remotely. The patch is identified as 051465d807a8fcc6a8b0f4bcbb19299672399f48. It is recommended to apply a patch to fix this issue. VDB-217182 is the identifier assigned to this vulnerability.

Affected configurations

NVD
Node
recent_threads_on_index_projectrecent_threads_on_indexRange<2019-02-06

CNA Affected

[
  {
    "vendor": "dragonexpert",
    "product": "Recent Threads on Index",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ],
    "modules": [
      "Setting Handler"
    ]
  }
]

3.3 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:M/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

25.3%

Related for CVE-2019-25093