CVE-2013-3538
published 2013-05-13CVE-2013-3538: Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to inject arbitrary web script or HTML via the…
PriorityP421medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
3.25%
86.8th percentile
Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id_post or (2) pg parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| file_project | file | >= 0 < 1:5.14-2ubuntu3.1 | 1:5.14-2ubuntu3.1 |
| wesley_destailleur | todoo_forum | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv5.0MEDIUM
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9h9f-5hm6-prqq: Multiple cross-site scripting (XSS) vulnerabilities in todooforum
ghsa_unreviewed·2022-05-17
CVE-2013-3538 [MEDIUM] CWE-79 GHSA-9h9f-5hm6-prqq: Multiple cross-site scripting (XSS) vulnerabilities in todooforum
Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id_post or (2) pg parameter.
OSV
file vulnerabilities
osv·2014-07-15·CVSS 5.0
CVE-2013-7345 file vulnerabilities
file vulnerabilities
Mike Frysinger discovered that the file awk script detector used multiple
wildcard with unlimited repetitions. An attacker could use this issue to
cause file to consume resources, resulting in a denial of service.
(CVE-2013-7345)
Francisco Alonso discovered that file incorrectly handled certain CDF
documents. A attacker could use this issue to cause file to hang or crash,
resulting in a denial of service. (CVE-2014-0207, CVE-2014-3478,
CVE-2014-3479, CVE-2014-3480, CVE-2014-3487)
Jan Kaluža discovered that file did not properly restrict the amount of
data read during regex searches. An attacker could use this issue to
cause file to consume resources, resulting in a denial of service.
(CVE-2014-3538)
Red Hat
file: unrestricted regular expression matching
vendor_redhat·2014-06-27·CVSS 5.0
CVE-2014-3538 [MEDIUM] file: unrestricted regular expression matching
file: unrestricted regular expression matching
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.
Multiple flaws were found in the File Information (fileinfo) extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU.
Package: cdrtools (Red Hat Enterprise Linux 5) - Not affected
Package: file (Red Hat Enterprise Linux 5) - Not affected
Package: php (Red Hat Enterprise Linux 5) -
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/92319http://packetstormsecurity.com/files/121290/Todoo-Forum-2.0-Cross-Site-Scripting-SQL-Injection.htmlhttp://www.securityfocus.com/bid/59069https://exchange.xforce.ibmcloud.com/vulnerabilities/83600http://osvdb.org/92319http://packetstormsecurity.com/files/121290/Todoo-Forum-2.0-Cross-Site-Scripting-SQL-Injection.htmlhttp://www.securityfocus.com/bid/59069https://exchange.xforce.ibmcloud.com/vulnerabilities/83600
2013-05-13
Published