Cross site scripting

2015-01-0520:59:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php.

CPENameOperatorVersion
cms_papoo_lighteq6.0.0

CPE	Name	Operator	Version
	cms_papoo_light	eq	6.0.0

References

osvdb.org/show/osvdb/115944

packetstormsecurity.com/files/129586/CMS-Papoo-6.0.0-Revision-4701-Cross-Site-Scripting.html

sroesemann.blogspot.de/2014/12/bericht-zu-advisory-sroeadv-2014-01.html

www.securityfocus.com/archive/1/534243/100/0/threaded

www.securityfocus.com/bid/71676

www.exploit-db.com/exploits/35551