CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-1039

Cross-site scripting (XSS) vulnerability in user/login.phtml in ZF-Commons ZfcUser before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 48.9%

CVSS Severity

CVSS v2 Score 4.3

References

http://www.openwall.com/lists/oss-security/2015/01/11/4
http://www.securityfocus.com/bid/71931
https://github.com/ZF-Commons/ZfcUser/commit/baf0e460
https://github.com/ZF-Commons/ZfcUser/issues/550
http://www.openwall.com/lists/oss-security/2015/01/11/4
http://www.securityfocus.com/bid/71931
https://github.com/ZF-Commons/ZfcUser/commit/baf0e460
https://github.com/ZF-Commons/ZfcUser/issues/550

Products affected by CVE-2015-1039

Zfcuser Project » Zfcuser » Version: 1.2.1

cpe:2.3:a:zfcuser_project:zfcuser:1.2.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-1039

Products

Pricing

Contact Us