Lucene search

[email protected]NVD:CVE-2013-4167

HistoryOct 11, 2013 - 10:55 p.m.

CVE-2013-4167

2013-10-1122:55:39

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.8%

JSON

Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) before 1.11.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

cmsmadesimplecms_made_simpleRange≤1.11.6

cmsmadesimplecms_made_simpleMatch1.11

cmsmadesimplecms_made_simpleMatch1.11.1

cmsmadesimplecms_made_simpleMatch1.11.2

cmsmadesimplecms_made_simpleMatch1.11.2.1

cmsmadesimplecms_made_simpleMatch1.11.3

cmsmadesimplecms_made_simpleMatch1.11.4

cmsmadesimplecms_made_simpleMatch1.11.5

References

forum.cmsmadesimple.org/viewtopic.php?f=1&t=66590&p=299356

www.openwall.com/lists/oss-security/2013/07/21/1

www.openwall.com/lists/oss-security/2013/07/25/7

twitter.com/LeakFree/status/336942367351394305

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.8%

JSON

Related for NVD:CVE-2013-4167

cve1 prion1 cvelist1