CVEbuzz logo
This website displays data collected from external sources, and is not responsible for any aspect of it. Read more...

Security / vulnerability advisories for C.P.Sub Project C.P.Sub 5.2

Titles listed in dictionary

CPE for product: cpe:2.3:a:c.p.sub_project:c.p.sub:5.2:*:*:*:*:*:*:*

Showing 1-2 of 2
Medium damage 6.5
Easy to exploit
(other affected products) Published: Mon Feb 11 21:29:00 2019 UTC. Last Modified: Wed Feb 13 12:31:00 2019 UTC
CPE matches: cpe:2.3:a:c.p.sub_project:c.p.sub:*:*:*:*:*:*:*:* && versionEndExcluding=5.3

Description

C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI.

Damage

Attack conditions

Damage and attack conditions obtained from CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N (CVSSv3)

Type of bug(s)

References

Medium-low damage 6.1
Easy to exploit
(other affected products) Published: Tue Aug 29 15:29:00 2017 UTC. Last Modified: Sat Sep 2 15:32:00 2017 UTC
CPE matches: cpe:2.3:a:c.p.sub_project:c.p.sub:5.2:*:*:*:*:*:*:*

Description

Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to index.php.

Damage

Attack conditions

Damage and attack conditions obtained from CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (CVSSv3)

Type of bug(s)

References