CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
83.4%
The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes the
run method of the Uzbl object, which allows remote attackers to execute
arbitrary commands via JavaScript code.