CVE-2014-9559CVE-2014-9559

Affected configuration(s):

cpe:/a:snipsnap:snipsnap:0.5.2a
cpe:/a:snipsnap:snipsnap:1.0b1
cpe:/a:snipsnap:snipsnap:1.0b2

Date published: 2015-02-03T11:59:06.157-05:00

Date last modified: 2015-02-03T22:37:56.367-05:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://seclists.org/fulldisclosure/2015/Feb/1

Summary: Cross-site scripting (XSS) vulnerability in SnipSnap 0.5.2a, 1.0b1, and 1.0b2 allows remote attackers to inject arbitrary web script or HTML via the query parameter to /snipsnap-search.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.