CVSS2: 4.3 Medium

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | MEDIUM |
| Authentication | NONE |
| Confidentiality Impact | NONE |
| Integrity Impact | PARTIAL |
| Availability Impact | NONE |

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3: 6.1 Medium

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | CHANGED |
| Confidentiality Impact | LOW |
| Integrity Impact | LOW |
| Availability Impact | NONE |

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score: 5.7 Medium (Confidence: High)

EPSS: 0.002 Low (Percentile: 52.5%)
JPCERT Coordination Center (JPCERT/CC) reported the following vulnerability in ADOdb.

As a workaround until a hotfix is released, we recommend that all users remove the whole `./tests` directory; it is only used for development purposes and is not necessary for normal ADOdb operations.

Report description

[Reference Number] JVN#48237713

[Title] ADOdb vulnerable to cross-site scripting

[Reporter Related Information] Anonymous (reporter information was not provided)

[Vulnerability Information] This vulnerability was found by the reporter

- Product Name: ADOdb
- Version: 5.20.4
- Language: PHP
- Description: Cross-site scripting

Reproduction Procedure:

Environment used:

- OS: Windows 7
- Middleware: Most recent version of xampp

Place the most recent version of xampp at `c:\xampp`

Place ADOdb at `C:\xampp\htdocs\AUDIT\adodb5`

Using Chrome with the XSS filter turned off, access `http://localhost/AUDIT/adodb5/tests/test.php?testproxy=1&ADODB_vers=V123<script>alert(1)</script>` to reproduce the vulnerability. Here an alert dialog will appear.

[Possible Impacts]

- Cookies may be stolen
- Pages may be defaced
- Other effects of XSS

[Possible Workarounds] None

[Proof-of-Concept Code] None

[Other Information] None

[Report Validation and Comments from IPA] None

[Comments from JPCERT/CC] None
| CPE | Name | Operator | Version |
|---|---|---|---|
| | adodb/adodb-php | lt | 5.20.6 |
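
The workaround above and the affected range in this table can be checked together across a web root. The following audit helper is an added example, not code from the report or from the ADOdb project. The function names are hypothetical, and it assumes that each ADOdb copy declares its version in `adodb.inc.php` as `$ADODB_vers = 'vX.Y.Z ...'`; a copy whose version cannot be parsed is reported as affected.

```python
import re
import tempfile
from pathlib import Path

FIXED = (5, 20, 6)  # from the table above: adodb/adodb-php lt 5.20.6
# Assumption: adodb.inc.php contains  $ADODB_vers = 'vX.Y.Z ...';
VERS_RE = re.compile(r"\$ADODB_vers\s*=\s*['\"][vV]?(\d+)\.(\d+)\.(\d+)")


def audit_adodb(webroot):
    """Return one finding per ADOdb copy found under webroot."""
    findings = []
    for inc in sorted(Path(webroot).rglob("adodb.inc.php")):
        m = VERS_RE.search(inc.read_text(errors="replace"))
        version = tuple(map(int, m.groups())) if m else None
        findings.append({
            "path": str(inc.parent),
            "version": version,
            # An unparseable version is treated as affected (fail closed).
            "affected": version is None or version < FIXED,
            # The reported page is tests/test.php; the advisory's workaround
            # is to remove the whole tests directory.
            "tests_present": (inc.parent / "tests" / "test.php").is_file(),
        })
    return findings


def make_sample(root):
    """Constructed sample tree: one affected copy with tests/, one fixed copy."""
    for rel, vers, tests in [("app1/adodb5", "v5.20.4", True),
                             ("app2/lib/adodb", "v5.20.6", False)]:
        d = Path(root) / rel
        d.mkdir(parents=True)
        (d / "adodb.inc.php").write_text(f"<?php\n$ADODB_vers = '{vers}';\n")
        if tests:
            (d / "tests").mkdir()
            (d / "tests" / "test.php").write_text("<?php // placeholder\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        make_sample(root)
        for f in audit_adodb(root):
            state = "affected" if f["affected"] else "fixed"
            action = "remove tests/" if f["tests_present"] else "no tests/ found"
            print(f["path"], f["version"], state, action)
```
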