PT-2008-6076 · Planetluc · Rateme

Published: 2008-11-04 · Updated: 2017-08-08 · CVE-2008-4898

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

planetluc RateMe version 1.3.3

Description

A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the rate parameter in a submit rate action. This could potentially lead to unauthorized actions on the affected system.

Recommendations

For planetluc RateMe version 1.3.3, consider restricting access to the submit rate action until a patch is available, and avoid using the rate parameter in this action to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2008-4898

Affected Products

Rateme