- Description
- Cross-site scripting (XSS) vulnerability in controlpanel/loading.aspx in Telligent Evolution before 6.1.19.36103, 7.x before 7.1.12.36162, 7.5.x, and 7.6.x before 7.6.7.36651 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
- nvd@nist.gov
- CWE-79
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:telligent:evolution:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "359FE2DE-20B6-453B-807C-BC9E42EF0B08",
"versionEndExcluding": "6.1.19.36103",
"versionStartIncluding": "6.1"
},
{
"criteria": "cpe:2.3:a:telligent:evolution:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "32984A88-782A-47EC-A831-936BDF5B3FC1",
"versionEndExcluding": "7.1.12.36162",
"versionStartIncluding": "7.1"
},
{
"criteria": "cpe:2.3:a:telligent:evolution:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "648DB555-9DAB-4B0D-AC37-A5F541D3773B",
"versionEndIncluding": "7.5.0.32466",
"versionStartIncluding": "7.5"
},
{
"criteria": "cpe:2.3:a:telligent:evolution:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28D195F2-8CE4-446F-A801-9A29201804F2",
"versionEndExcluding": "7.6.7.36651",
"versionStartIncluding": "7.6"
}
],
"operator": "OR"
}
]
}
]