Cross site scripting

2014-03-0516:37:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Askbot before 0.7.49 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) tag or (2) user search forms.

CPENameOperatorVersion
askboteq0.7.44
askboteq0.7.42
askboteq0.7.46
askboteq0.7.47
askboteq0.7.41
askbotle0.7.48
askboteq0.7.43
askboteq0.7.40
askboteq0.7.45

Name	Operator	Version
askbot	eq	0.7.44
askbot	eq	0.7.42
askbot	eq	0.7.46
askbot	eq	0.7.47
askbot	eq	0.7.41
askbot	le	0.7.48
askbot	eq	0.7.43
askbot	eq	0.7.40
askbot	eq	0.7.45

References

secunia.com/advisories/57163

www.openwall.com/lists/oss-security/2014/02/28/8

www.securityfocus.com/bid/65885

bugzilla.redhat.com/show_bug.cgi?id=1070852

github.com/ASKBOT/askbot-devel/commit/876e3662ff6b78cc6241338c15e3a0cb49edf4e2

github.com/ASKBOT/askbot-devel/commit/a676a86b6b7a5737d4da4f59f71e037406f88d29