Cross site scripting

2017-04-1418:59:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CPENameOperatorVersion
assist_pluginle1.1.0
databox_pluginle0..0.0.20150609
userbox_pluginle0.0.0.20150918

Name	Operator	Version
assist_plugin	le	1.1.0
databox_plugin	le	0..0.0.20150609
userbox_plugin	le	0.0.0.20150918

References

jvn.jp/en/jp/JVN46087986/index.html

jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000167.html

www.securityfocus.com/bid/93123

github.com/ivywe/geeklog-ivywe/commit/3cdb4ebca5746ff1e02b7e434d5722044d1d09d1

github.com/ivywe/geeklog-ivywe/commit/fe20a1bccdfec96125ab3d8dbee6ccbd0767c0be