- Description
- Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 allows remote attackers to inject arbitrary web script or HTML via an RSS feed.
- Source
- vultures@jpcert.or.jp
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
- nvd@nist.gov
- CWE-79
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glucose:glucose_2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D6493B34-3E06-4E39-AA47-BC693D708C0F",
"versionEndIncluding": "stage6.1"
},
{
"criteria": "cpe:2.3:a:glucose:glucose_2:beta_stage_5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "85CB2D3F-58C7-4BD3-8E95-AB7ACB3EF831"
},
{
"criteria": "cpe:2.3:a:glucose:glucose_2:beta_stage_5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2199C39F-4AB1-4125-B780-3575A214A5B6"
},
{
"criteria": "cpe:2.3:a:glucose:glucose_2:stage6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A614D92C-4A81-4EAD-9258-454852139174"
}
],
"operator": "OR"
}
]
}
]