CVE-2015-1864

Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:kallithea-scm:kallithea:0.1:*:*:*:*:*:*:*
cpe:2.3:a:kallithea-scm:kallithea:0.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-09-19 15:29

Updated : 2024-02-28 16:04


NVD link : CVE-2015-1864

Mitre link : CVE-2015-1864

CVE.ORG link : CVE-2015-1864


JSON object : View

Products Affected

kallithea-scm

  • kallithea
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')