PRIOn knowledge basePRION:CVE-2018-5712Cross site scripting
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.8 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.741 High
EPSS
Percentile
98.0%
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ubuntu_linux | eq | 16.04 | |
| ubuntu_linux | eq | 14.04 | |
| ubuntu_linux | eq | 12.04 | |
| ubuntu_linux | eq | 17.10 | |
| debian_linux | eq | 7.0 | |
| php | eq | 7.2.0 | |
| php | gt | 7.1.0 | |
| php | le | 7.1.12 | |
| php | ge | 7.0.0 | |
| php | le | 7.0.26 |
References
php.net/ChangeLog-5.php
php.net/ChangeLog-7.php
www.securityfocus.com/bid/102742
www.securityfocus.com/bid/104020
www.securitytracker.com/id/1040363
access.redhat.com/errata/RHSA-2018:1296
access.redhat.com/errata/RHSA-2019:2519
bugs.php.net/bug.php?id=74782
lists.debian.org/debian-lts-announce/2018/01/msg00025.html
usn.ubuntu.com/3566-1/
usn.ubuntu.com/3600-1/
usn.ubuntu.com/3600-2/
www.oracle.com/security-alerts/cpuapr2020.html
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.8 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.741 High
EPSS
Percentile
98.0%