Vulnerability Details : CVE-2015-1562
Multiple cross-site scripting (XSS) vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to admin/user_management.php, (2) data_search parameter to /admin/profile_data.php, or (3) filter parameter to error_log.php.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2015-1562
- cpe:2.3:a:saurus:saurus_cms:4.7.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-1562
1.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-1562
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2015-1562
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1562
-
http://sroesemann.blogspot.de/2015/01/sroeadv-2015-05.html
travel-free
-
https://github.com/sauruscms/Saurus-CMS-Community-Edition/commit/8dec044d0fdabcb9b04e58037623385a97b0d288
Fix multiple XSS reflection vulnerabilities · sauruscms/Saurus-CMS-Community-Edition@8dec044 · GitHub
-
http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-05.html
travel-freeExploit
-
http://seclists.org/fulldisclosure/2015/Jan/112
Full Disclosure: Reflecting XSS vulnerabilities in CMS Saurus v. 4.7 (CE)Exploit
-
http://www.openwall.com/lists/oss-security/2015/01/28/8
oss-security - CVE-Request -- Saurus CMS v.4.7 (Community Edition, released: 12.08.2014) -- Multiple reflecting XSS vulnerabilitiesExploit
Jump to