CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-9522

Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.082

EPSS Ranking 91.8%

CVSS Severity

CVSS v2 Score 4.3

References

http://osvdb.org/show/osvdb/115944
http://packetstormsecurity.com/files/129586/CMS-Papoo-6.0.0-Revision-4701-Cross-Site-Scripting.html
http://sroesemann.blogspot.de/2014/12/bericht-zu-advisory-sroeadv-2014-01.html
http://www.exploit-db.com/exploits/35551
http://www.securityfocus.com/archive/1/534243/100/0/threaded
http://www.securityfocus.com/bid/71676
http://osvdb.org/show/osvdb/115944
http://packetstormsecurity.com/files/129586/CMS-Papoo-6.0.0-Revision-4701-Cross-Site-Scripting.html
http://sroesemann.blogspot.de/2014/12/bericht-zu-advisory-sroeadv-2014-01.html
http://www.exploit-db.com/exploits/35551
http://www.securityfocus.com/archive/1/534243/100/0/threaded
http://www.securityfocus.com/bid/71676

Products affected by CVE-2014-9522

Papoo » Cms Papoo Light » Version: 6.0.0

cpe:2.3:a:papoo:cms_papoo_light:6.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-9522

Products

Pricing

Contact Us