Lucene search

GitHub Advisory DatabaseGHSA-M3P9-C7P3-XXMP

HistoryMay 17, 2022 - 2:17 a.m.

Mayaa Cross-site Scripting vulnerability

2022-05-1702:17:15

CWE-79

GitHub Advisory Database

github.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.4%

JSON

Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the default error page for the org.seasar.mayaa.impl.engine.PageNotFoundException exception and possibly other exceptions.

Affected configurations

Vulners

Node

com.github.seasarorg.mayaa\Matchmayaa

CPENameOperatorVersion
com.github.seasarorg.mayaa:mayaalt1.1.23

CPE	Name	Operator	Version
	com.github.seasarorg.mayaa:mayaa	lt	1.1.23

References

jvn.jp/en/jp/JVN17298485/index.html

jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000085.html

mayaa.seasar.org/news/vulnerability20081225.html

exchange.xforce.ibmcloud.com/vulnerabilities/47623

github.com/advisories/GHSA-m3p9-c7p3-xxmp

nvd.nist.gov/vuln/detail/CVE-2008-5720

web.archive.org/web/20090622223640/secunia.com/advisories/33333

web.archive.org/web/20200301074809/www.securityfocus.com/bid/33015

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.4%

JSON

Related for GHSA-M3P9-C7P3-XXMP