CVE-2008-1972 in Oicgroupinformazioni

Riassunto

di MITRE

Multiple cross-site scripting (XSS) vulnerabilities in the user account creation feature in Exponent CMS 0.96.6-GA20071003 and earlier, when the Allow Registration? configuration option is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) firstname, (3) lastname, and (4) e-mail address fields. NOTE: some of these details are obtained from third party information.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

27/04/2008

Divulgazione

27/04/2008

Moderazione

accettato

Voce

VDB-42145

CPE

pronto

CWE

CWE-79 (confermato)

CVSS

4.3 (VulDB)

EPSS

0.01065

KEV

Attività

molto basso

Settore

Lawfirm, Hostingprovider, ...

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2008-1972
NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-1972
CVE Details	https://www.cvedetails.com/cve/CVE-2008-1972/

◂ Precedente Visione D'ensemble Il prossimo ▸

Do you need the next level of professionalism?

Upgrade your account now!