CVE-2013-7277

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-7277
Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to saa.php, (2) username parameter to login.php, or (3) keyword_list parameter to keysearch.php.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://aphpkb.blogspot.dk/2013/12/release-of-aphpkb-0958.html Patch Vendor Advisory
http://osvdb.org/101467 Patch
http://osvdb.org/101491
http://osvdb.org/101492
http://secunia.com/advisories/56228 Vendor Advisory
http://sourceforge.net/p/aphpkb/code/91 Exploit Patch
http://www.securityfocus.com/bid/64550
https://www.netsparker.com/critical-xss-vulnerabilities-andy-php-knowledgebase
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:aphpkb:aphpkb:*:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.1:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.2:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.3:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.4:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.5:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.6:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.9:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.21:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.31:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.33:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.35:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.38:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.39:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.41:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.42:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.43:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.44:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.45:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.51:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.52:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.53:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.54:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.55:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.56:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.57:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.58:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.59:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.61:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.62:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.63:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.64:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.65:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.66:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.67:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.70:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.71:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.72:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.73:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.74:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.75:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.76:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.77:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.78:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.79:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.80:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.81:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.82:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.83:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.84:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.85:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.86:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.87:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.88:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.88.5:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.88.6:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.88.7:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.88.8:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.89:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.91:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.92:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.92.1:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.92.2:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.92.3:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.92.4:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.92.5:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.92.6:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.92.7:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.92.8:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.92.9:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.93.1:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.93.2:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.93.3:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.93.4:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.93.5:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.93.6:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.93.7:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.93.8:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.93.9:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.94.1:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.94.2:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.94.3:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.94.4:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.94.5:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.94.6:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.94.7:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.94.8:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.94.9:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.95:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.95.1:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.95.2:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.95.3:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.95.4:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.95.5:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.95.6:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.361:*:*:*:*:*:*:*
cpe:2.3:a:aphpkb:aphpkb:0.371:*:*:*:*:*:*:*
History

No history.

Information

Published : 2014-01-08 15:30

Updated : 2024-02-04 18:16

NVD link : CVE-2013-7277

Mitre link : CVE-2013-7277

CVE.ORG link : CVE-2013-7277

JSON object : View

Products Affected

aphpkb

  • aphpkb
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')