Lucene search

MitreCVE-2018-6878

HistoryFeb 09, 2018 - 6:29 p.m.

CVE-2018-6878

2018-02-0918:29:00

CWE-79

mitre

web.nvd.nist.gov

cve-2018-6878

cross site scripting

xss

php scripts mall

hot scripts clone script

security vulnerability

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

18.2%

JSON

Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 via the title or description field.

Affected configurations

Nvd

Node

hot_scripts_clone_projecthot_scripts_cloneMatch3.1

VendorProductVersionCPE
hot_scripts_clone_projecthot_scripts_clone3.1cpe:2.3:a:hot_scripts_clone_project:hot_scripts_clone:3.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hot_scripts_clone_project	hot_scripts_clone	3.1	cpe:2.3:a:hot_scripts_clone_project:hot_scripts_clone:3.1:::::::*

References

www.exploit-db.com/exploits/43991/

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

18.2%

JSON

Related for CVE-2018-6878