← voltar
CVE-2023-53887

Zomplog 3.9 Cross-Site Scripting Vulnerability via Page Creation

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79
Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Produtos afetados
Zomplog · Zomplog

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://web.archive.org/web/20080616153330/http://zomp.nl/zomplog/https://www.exploit-db.com/exploits/51625https://www.vulncheck.com/advisories/zomplog-cross-site-scripting-vulnerability-via-page-creation