4.3

CVE-2012-3830

Exploit
Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via the video directive.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MilesjDecoda Version <= 3.3.1
MilesjDecoda Version2.2
MilesjDecoda Version2.3
MilesjDecoda Version2.4
MilesjDecoda Version2.5
MilesjDecoda Version2.6
MilesjDecoda Version2.7
MilesjDecoda Version2.8
MilesjDecoda Version2.9
MilesjDecoda Version3.0
MilesjDecoda Version3.1
MilesjDecoda Version3.2
MilesjDecoda Version3.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.75% 0.885
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://osvdb.org/81637
http://secunia.com/advisories/48931
Vendor Advisory
http://www.redteam-pentesting.de/en/advisories/rt-sa-2012-002/-php-decoda-cross-site-scripting-in-video-tags
http://www.securityfocus.com/bid/53332
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/75333
https://github.com/milesj/php-decoda/commit/4068257bb4e1071d1d60577289d3da922c296c83
Patch
Exploit
https://github.com/milesj/php-decoda/commit/666778f326dff3bd213be9f624f0fcb337c0b4c9
Patch
Exploit