Lucene search

FreeBSD50457509-D05E-11D9-9AED-000E0C2E438A

HistoryMar 22, 2005 - 12:00 a.m.

phpSysInfo -- cross site scripting vulnerability

2005-03-2200:00:00

vuxml.freebsd.org

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

82.5%

JSON

A Securityreason.com advisory reports that various cross
site scripting vulnerabilities have been found in phpSysInfo.
Input is not properly sanitised before it is returned to the
user. A malicious person could exploit this to execute
arbitrary HTML and script code in a users browser session.
Also it is possible to view the full path of certain scripts
by accessing them directly.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchphpsysinfo< 2.5.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	phpsysinfo	< 2.5.1	UNKNOWN

References

marc.theaimsgroup.com/?l=bugtraq&m=111161017209422

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

82.5%

JSON

Related for 50457509-D05E-11D9-9AED-000E0C2E438A