CVE-2016-15022

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-15022
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-15022.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-15022
Aliases
Published
2023-01-29T19:15:08Z
Modified
2024-10-12T01:43:12.840944Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file checksystem.php. The manipulation of the argument $SERVER['SERVER_SOFTWARE'] leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.7.19 is able to address this issue. The patch is named 401478c8393989836beeddfeac5ce44570af162b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-219715.

References

Affected packages

Git / github.com/mosbth/cimage

Affected ranges

Type
GIT
Repo
https://github.com/mosbth/cimage
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.1
v0.1.1
v0.2
v0.3
v0.4
v0.4.1
v0.5
v0.5.1
v0.5.2
v0.5.3
v0.6
v0.6.1
v0.6.2
v0.7.0
v0.7.0-rc.1
v0.7.0-rc.2
v0.7.1
v0.7.10
v0.7.11
v0.7.12
v0.7.13
v0.7.14
v0.7.15
v0.7.16
v0.7.17
v0.7.18
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.7.7
v0.7.8
v0.7.9