CVE-2015-9260

An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI.
Configurations

Configuration 1 (hide)

cpe:2.3:a:bedita:bedita:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:40

Type Values Removed Values Added
References () https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html - Exploit, Third Party Advisory () https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html - Exploit, Third Party Advisory
References () https://github.com/bedita/bedita/issues/755#issuecomment-148036760 - Issue Tracking, Third Party Advisory () https://github.com/bedita/bedita/issues/755#issuecomment-148036760 - Issue Tracking, Third Party Advisory
References () https://github.com/bedita/bedita/releases/tag/v3.7.0 - Release Notes, Third Party Advisory () https://github.com/bedita/bedita/releases/tag/v3.7.0 - Release Notes, Third Party Advisory
References () https://github.com/cybersecurityworks/Disclosed/issues/8 - Exploit, Third Party Advisory () https://github.com/cybersecurityworks/Disclosed/issues/8 - Exploit, Third Party Advisory

Information

Published : 2018-07-05 02:29

Updated : 2024-11-21 02:40


NVD link : CVE-2015-9260

Mitre link : CVE-2015-9260

CVE.ORG link : CVE-2015-9260


JSON object : View

Products Affected

bedita

  • bedita
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')