CVE-2013-3639

Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) interface, (3) name, or (4) tabmodule parameter to index.php.

Published : 2014-02-05 15:10 Updated : 2017-08-29 01:33

4.3
CVSS Score More info
Score 4.3 / 10
4.3
Vendor Product Version URI
Xaraya Xaraya 2.4.0 cpe:/a:xaraya:xaraya:2.4.0:b1
  1. Xaraya (1) Search CVE
    1. Xaraya (1) Search CVE
      1. 2.4.0

CWE

ID Name Description Links
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. CVE

History of changes

Date Event
2017-08-29 06:24
2014-02-05 15:10

New CVE