CVE-2011-5301 — MEDIUM (4.3)

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in PHPDug 2.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the story_url parameter to add_story.php, (2) the email parameter to editprofile.php, (3) the title parameter to adm/content_add.php, or (4) the username parameter to adm/admin_edit.php.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Kubelabs	Phpdug	2.0.0

Related Weaknesses (CWE)

CWE-79

References

https://www.htbridge.com/advisory/HTB22970Exploit
https://www.htbridge.com/advisory/HTB22970Exploit

FAQ

What is CVE-2011-5301?

CVE-2011-5301 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in PHPDug 2.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the story_url parameter to add_story.php, (2) the email parame...

How severe is CVE-2011-5301?

CVE-2011-5301 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-5301?

Check the references section above for vendor advisories and patch information. Affected products include: Kubelabs Phpdug.