Cross site scripting

2012-07-0322:55:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.6%

JSON

Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via the video directive.

CPENameOperatorVersion
decodaeq3.1
decodaeq3.0
decodaeq2.8
decodaeq2.2
decodaeq2.5
decodaeq3.2
decodale3.3.1
decodaeq2.4
decodaeq2.7
decodaeq3.3

Name	Operator	Version
decoda	eq	3.1
decoda	eq	3.0
decoda	eq	2.8
decoda	eq	2.2
decoda	eq	2.5
decoda	eq	3.2
decoda	le	3.3.1
decoda	eq	2.4
decoda	eq	2.7
decoda	eq	3.3

Rows per page:

1-10 of 131

References

osvdb.org/81637

secunia.com/advisories/48931

www.securityfocus.com/bid/53332

exchange.xforce.ibmcloud.com/vulnerabilities/75333

github.com/milesj/php-decoda/commit/4068257bb4e1071d1d60577289d3da922c296c83

github.com/milesj/php-decoda/commit/666778f326dff3bd213be9f624f0fcb337c0b4c9

www.redteam-pentesting.de/en/advisories/rt-sa-2012-002/-php-decoda-cross-site-scripting-in-video-tags