An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI.
References
Link | Resource |
---|---|
https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html | Exploit Third Party Advisory |
https://github.com/bedita/bedita/issues/755#issuecomment-148036760 | Issue Tracking Third Party Advisory |
https://github.com/bedita/bedita/releases/tag/v3.7.0 | Release Notes Third Party Advisory |
https://github.com/cybersecurityworks/Disclosed/issues/8 | Exploit Third Party Advisory |
https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html | Exploit Third Party Advisory |
https://github.com/bedita/bedita/issues/755#issuecomment-148036760 | Issue Tracking Third Party Advisory |
https://github.com/bedita/bedita/releases/tag/v3.7.0 | Release Notes Third Party Advisory |
https://github.com/cybersecurityworks/Disclosed/issues/8 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 02:40
Type | Values Removed | Values Added |
---|---|---|
References | () https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html - Exploit, Third Party Advisory | |
References | () https://github.com/bedita/bedita/issues/755#issuecomment-148036760 - Issue Tracking, Third Party Advisory | |
References | () https://github.com/bedita/bedita/releases/tag/v3.7.0 - Release Notes, Third Party Advisory | |
References | () https://github.com/cybersecurityworks/Disclosed/issues/8 - Exploit, Third Party Advisory |
Information
Published : 2018-07-05 02:29
Updated : 2024-11-21 02:40
NVD link : CVE-2015-9260
Mitre link : CVE-2015-9260
CVE.ORG link : CVE-2015-9260
JSON object : View
Products Affected
bedita
- bedita
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')