Japan Vulnerability NotesJVN:97370614JVN#97370614: MagazinegerZ vulnerable to cross-site scripting
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
45.5%
MagazinegerZ <http://cgiscriptmarket.com/magazinegerZ/> provided by CGI Script Market is a CGI script which provides a function to enable email newsletter distribution for a website.
MagazinegerZ contains a stored cross-site scripting vulnerability (CWE-79) which allows unintentional script execution on the web browser of the administrative user while logging in the management screen.
Impact
An arbitrary script may be executed on the web browser of the user with the administrative privilege while accessing the website that uses MagazinegerZ.
Solution
Consider stop using MagazinegerZ v.1.01
Since the developer was unreachable, existence of any mitigations is unknown.
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
45.5%