Cross site scripting

2010-03-1619:00:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.0%

JSON

Cross-site scripting (XSS) vulnerability in index.php in dl Download Ticket Service before 0.7 allows remote attackers to inject arbitrary web script or HTML via the t parameter, related to an invalid ticket ID. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
dlle0.6
dleq0.4
dleq0.5
dleq0.3
dleq0.1
dleq0.2

Name	Operator	Version
dl	le	0.6
dl	eq	0.4
dl	eq	0.5
dl	eq	0.3
dl	eq	0.1
dl	eq	0.2

References

article.gmane.org/gmane.comp.web.dl-ticket-service.general/33

freshmeat.net/projects/dl-ticket-service

osvdb.org/62884

secunia.com/advisories/38898

www.securityfocus.com/bid/38700