CVE-2014-2890 in phpMyIDinformazioni

Riassunto

di MITRE

Cross-site scripting (XSS) vulnerability in the wrap_html function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_error parameter to MyID.config.php when the openid.mode parameter is set to error, which is not properly handled in an error message.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

17/04/2014

Divulgazione

22/04/2014

Moderazione

accettato

Voce

VDB-69438

CPE

pronto

CWE

CWE-79 (confermato)

CVSS

4.3 (NVD)

EPSS

0.01193

KEV

Attività

molto basso

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2014-2890
NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-2890
CVE Details	https://www.cvedetails.com/cve/CVE-2014-2890/

◂ Precedente Visione D'ensemble Il prossimo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!