Lucene search

Ubuntu.comUB:CVE-2013-7351

HistoryJan 02, 2020 - 12:00 a.m.

CVE-2013-7351

2020-01-0200:00:00

ubuntu.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.007

Percentile

81.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli
allow remote attackers to inject arbitrary web script or HTML via the URL
to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file
name to the importFile function; or (5) vectors related to bookmarks.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743252>

References

github.com/sebsauvage/Shaarli/commit/53da201749f8f362323ef278bf338f1d9f7a925a

launchpad.net/bugs/cve/CVE-2013-7351

nvd.nist.gov/vuln/detail/CVE-2013-7351

security-tracker.debian.org/tracker/CVE-2013-7351

www.cve.org/CVERecord?id=CVE-2013-7351

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.007

Percentile

81.3%

JSON

Related for UB:CVE-2013-7351