CVE-2011-5299

2022-10-0316:15:12

mitre

www.cve.org

pommo aardvark pr16.1

cross-site scripting

remote attackers

injecting arbitrary web script

html

referer parameter

site name parameter

group name parameter

field name parameter

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via (1) the referer parameter to index.php, (2) the site_name parameter to admin/setup/config/general.php, (3) the group_name parameter to admin/subscribers/subscribers_groups.php, or (4) the field_name parameter to admin/setup/setup_fields.php.

References

www.htbridge.com/advisory/HTB22976