Vulnerability Details CVE-2017-16043
Shout is an IRC client. Because the `/topic` command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser. Affects shout >=0.44.0 <=0.49.3.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.1%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2017-16043
-
cpe:2.3:a:shout_project:shout:0.44.0
-
cpe:2.3:a:shout_project:shout:0.45.0
-
cpe:2.3:a:shout_project:shout:0.45.1
-
cpe:2.3:a:shout_project:shout:0.45.2
-
cpe:2.3:a:shout_project:shout:0.45.3
-
cpe:2.3:a:shout_project:shout:0.45.4
-
cpe:2.3:a:shout_project:shout:0.45.5
-
cpe:2.3:a:shout_project:shout:0.46.0
-
cpe:2.3:a:shout_project:shout:0.47.0
-
cpe:2.3:a:shout_project:shout:0.48.0
-
cpe:2.3:a:shout_project:shout:0.49.0
-
cpe:2.3:a:shout_project:shout:0.49.1
-
cpe:2.3:a:shout_project:shout:0.49.2
-
cpe:2.3:a:shout_project:shout:0.49.3