CVE-2017-6484

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-6484

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6484.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-6484

Aliases

GHSA-w969-pq6x-267j

Published

2017-03-05T20:59:00Z

Modified

2024-05-14T06:08:01.351472Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Multiple Cross-Site Scripting (XSS) issues were discovered in INTER-Mediator 5.5. The vulnerabilities exist due to insufficient filtration of user-supplied data (c and cred) passed to the "INTER-Mediator-master/Auth_Support/PasswordReset/resetpassword.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

References

https://github.com/INTER-Mediator/INTER-Mediator/issues/772

Affected packages

Git / github.com/inter-mediator/inter-mediator

Affected ranges

Type: GIT
Repo: https://github.com/inter-mediator/inter-mediator
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

d0e686579398ac037b2c7de001c66dc93c5f085d

Affected versions

3.*

3.3-RC

3.4-RC

3.5-RC

3.6-RC

3.7-RC

3.8-RC

3.9-Released

4.*

4.1

4.2

4.3

4.4

4.5

4.6

4.7

5.*

5.0

5.1

5.1-RC1

5.2

5.2-RC1

5.2-RC2

5.2-RC3

5.3

5.3-RC1

5.4

5.4-RC1

5.4-RC2

5.4-RC3

5.5

5.5-RC1

5.5-RC2