VulDBCVELIST:CVE-2018-25073CVE-2018-25073 Newcomer1989 TSN-Ranksystem bot.php getlog cross site scripting
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS
Percentile
41.2%
A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1.2.6 and classified as problematic. This vulnerability affects the function getlog of the file webinterface/bot.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.7 is able to address this issue. The patch is identified as b3a3cd8efe2cd3bd3c5b3b7abf2fe80dbee51b77. It is recommended to upgrade the affected component. VDB-218002 is the identifier assigned to this vulnerability.
CNA Affected
[
{
"vendor": "Newcomer1989",
"product": "TSN-Ranksystem",
"versions": [
{
"version": "1.2.0",
"status": "affected"
},
{
"version": "1.2.1",
"status": "affected"
},
{
"version": "1.2.2",
"status": "affected"
},
{
"version": "1.2.3",
"status": "affected"
},
{
"version": "1.2.4",
"status": "affected"
},
{
"version": "1.2.5",
"status": "affected"
},
{
"version": "1.2.6",
"status": "affected"
}
]
}
]Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS
Percentile
41.2%