- Description
- Cross-site scripting (XSS) vulnerability in webevent.cgi in WebEvent 2.61 through 4.03 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webevents:webevents:2.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E756684C-C8FD-48AB-B861-AD23622C6B60"
},
{
"criteria": "cpe:2.3:a:webevents:webevents:2.61:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "956F3644-249A-4248-A721-59E499E0299D"
},
{
"criteria": "cpe:2.3:a:webevents:webevents:2.71:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C1DBDB1A-EC3B-4D54-B108-4C10947F49DA"
},
{
"criteria": "cpe:2.3:a:webevents:webevents:2.72:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "661870B4-DDFC-48AA-851F-897A39D424E4"
},
{
"criteria": "cpe:2.3:a:webevents:webevents:4.03:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E0F25F96-3C82-4EBF-92BD-C20C335EFE93"
}
],
"operator": "OR"
}
]
}
]