Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment.
oryginał ENCVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NPhpvibe
APPPhpvibe≤ 4.20
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Powiązane podatności
CVE-2024-39171CRITICAL9.8PL ✓ten sam produkt
Path Traversal i RCE w PHPVibe v11.0.46 przez niekompletną weryfikację ścieżek
CVE-2024-6083MEDIUM5.3ten sam produkt
A vulnerability, which was classified as critical, was found in PHPVibe 11.0.46. Affected is an unknown functi...
CVE-2024-6082MEDIUM5.1ten sam produkt
A vulnerability, which was classified as problematic, has been found in PHPVibe 11.0.46. This issue affects so...