Lucene search

[email protected]NVD:CVE-2013-0807

HistoryMar 28, 2014 - 3:55 p.m.

CVE-2013-0807

2014-03-2815:55:08

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.004

Percentile

74.5%

JSON

Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a new_section action to index.php.

Affected configurations

Nvd

Node

gpeasygpeasy_cmsRange≤3.5.2

gpeasygpeasy_cmsMatch1.5

gpeasygpeasy_cmsMatch1.5rc2

gpeasygpeasy_cmsMatch1.5rc3

gpeasygpeasy_cmsMatch1.5rc4

gpeasygpeasy_cmsMatch1.6

gpeasygpeasy_cmsMatch1.6rc1

gpeasygpeasy_cmsMatch1.6rc2

gpeasygpeasy_cmsMatch1.6rc3

gpeasygpeasy_cmsMatch1.6rc4

gpeasygpeasy_cmsMatch1.6rc5

gpeasygpeasy_cmsMatch1.6.1

gpeasygpeasy_cmsMatch1.6.2

gpeasygpeasy_cmsMatch1.6.3

gpeasygpeasy_cmsMatch2.0.1

gpeasygpeasy_cmsMatch2.1

gpeasygpeasy_cmsMatch2.2

gpeasygpeasy_cmsMatch2.3

gpeasygpeasy_cmsMatch2.3.1

gpeasygpeasy_cmsMatch2.3.2

gpeasygpeasy_cmsMatch2.3.3

gpeasygpeasy_cmsMatch2.4

gpeasygpeasy_cmsMatch3.0

gpeasygpeasy_cmsMatch3.0.1

gpeasygpeasy_cmsMatch3.0.2

gpeasygpeasy_cmsMatch3.0.3

gpeasygpeasy_cmsMatch3.0.4

gpeasygpeasy_cmsMatch3.0.5

gpeasygpeasy_cmsMatch3.5

gpeasygpeasy_cmsMatch3.5.1

VendorProductVersionCPE
gpeasygpeasy_cms*cpe:2.3:a:gpeasy:gpeasy_cms:*:*:*:*:*:*:*:*
gpeasygpeasy_cms1.5cpe:2.3:a:gpeasy:gpeasy_cms:1.5:*:*:*:*:*:*:*
gpeasygpeasy_cms1.5cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc2:*:*:*:*:*:*
gpeasygpeasy_cms1.5cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc3:*:*:*:*:*:*
gpeasygpeasy_cms1.5cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc4:*:*:*:*:*:*
gpeasygpeasy_cms1.6cpe:2.3:a:gpeasy:gpeasy_cms:1.6:*:*:*:*:*:*:*
gpeasygpeasy_cms1.6cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc1:*:*:*:*:*:*
gpeasygpeasy_cms1.6cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc2:*:*:*:*:*:*
gpeasygpeasy_cms1.6cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc3:*:*:*:*:*:*
gpeasygpeasy_cms1.6cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc4:*:*:*:*:*:*

Vendor	Product	Version	CPE
gpeasy	gpeasy_cms	*	cpe:2.3:a:gpeasy:gpeasy_cms::::::::
gpeasy	gpeasy_cms	1.5	cpe:2.3:a:gpeasy:gpeasy_cms:1.5:::::::*
gpeasy	gpeasy_cms	1.5	cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc2::::::
gpeasy	gpeasy_cms	1.5	cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc3::::::
gpeasy	gpeasy_cms	1.5	cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc4::::::
gpeasy	gpeasy_cms	1.6	cpe:2.3:a:gpeasy:gpeasy_cms:1.6:::::::*
gpeasy	gpeasy_cms	1.6	cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc1::::::
gpeasy	gpeasy_cms	1.6	cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc2::::::
gpeasy	gpeasy_cms	1.6	cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc3::::::
gpeasy	gpeasy_cms	1.6	cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc4::::::