SimplePHPscripts Funeral Script PHP 3.1 URL Parameter /preview.php Cross Site Scripting

Hakika vulnerability da aka rarraba a matsayin karshewa an gano a SimplePHPscripts Funeral Script PHP 3.1. Tabbas, aikin $software_function ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil /preview.php, a cikin sashi URL Parameter Handler. Wuro manipulation ga Cross Site Scripting. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-79. Lalle, rauni an sanar da shi 07/07/2023. Ana kiran wannan rauni da CVE-2023-3536. Ngam yiɗi ka a tuma ndiyam ka internet. Bayani na fasaha ga. Kuma, akwai exploit. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á yí huɗɗi-na-gaskiya. 0-day ga, an ndiyam a wuro be $0-$5k. If you want to get best quality of vulnerability data, you may have to visit VulDB.

3 Goyarwa · 69 Datenpunkte

FurɗeSúgá
07/07/2023 14:02		Gargadi 1/2
07/25/2023 12:31		Gargadi 2/2
07/25/2023 12:39
software_vendorSimplePHPscriptsSimplePHPscriptsSimplePHPscripts
software_nameFuneral Script PHPFuneral Script PHPFuneral Script PHP
software_version3.13.13.1
software_componentURL Parameter HandlerURL Parameter HandlerURL Parameter Handler
software_file/preview.php/preview.php/preview.php
vulnerability_cweCWE-79 (Cross Site Scripting)CWE-79 (Cross Site Scripting)CWE-79 (Cross Site Scripting)
vulnerability_risk111
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iLLL
cvss3_vuldb_aNNN
cvss3_vuldb_ePPP
cvss3_vuldb_rcRRR
exploit_availability111
source_cveCVE-2023-3536CVE-2023-3536CVE-2023-3536
cna_responsibleVulDBVulDBVulDB
advisory_date1688680800 (07/07/2023)1688680800 (07/07/2023)1688680800 (07/07/2023)
software_typeProgramming Language SoftwareProgramming Language SoftwareProgramming Language Software
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_ciNNN
cvss2_vuldb_iiPPP
cvss2_vuldb_aiNNN
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rcURURUR
cvss2_vuldb_auSSS
cvss2_vuldb_rlNDNDND
cvss3_vuldb_prLLL
cvss3_vuldb_rlXXX
cvss2_vuldb_basescore4.04.04.0
cvss2_vuldb_tempscore3.43.43.4
cvss3_vuldb_basescore3.53.53.5
cvss3_vuldb_tempscore3.23.23.2
cvss3_meta_basescore3.53.54.4
cvss3_meta_tempscore3.23.24.3
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned1688680800 (07/07/2023)1688680800 (07/07/2023)
cve_nvd_summaryA vulnerability was found in SimplePHPscripts Funeral Script PHP 3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-233288.A vulnerability was found in SimplePHPscripts Funeral Script PHP 3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-233288.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiR
cvss3_nvd_sC
cvss3_nvd_cL
cvss3_nvd_iL
cvss3_nvd_aN
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auS
cvss2_nvd_ciN
cvss2_nvd_iiP
cvss2_nvd_aiN
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiR
cvss3_cna_sU
cvss3_cna_cN
cvss3_cna_iL
cvss3_cna_aN
cve_cnaVulDB
cvss2_nvd_basescore4.0
cvss3_nvd_basescore6.1
cvss3_cna_basescore3.5

GurɗoGumtiGada

Do you know our Splunk app?

Download it now for free!