Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-4433

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2013-4433
Last Modified 12 Mar 2014 09:25:56
Published 11 Mar 2014 03:37:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-4433

Summary

Cross-site scripting (XSS) vulnerability in XHProf before 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the run parameter.

Vulnerable Systems

Application

  • Php Xhprof 0.9.0

  • Php Xhprof 0.9.1

  • Php Xhprof 0.9.2

  • Php Xhprof 0.9.3


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1018114

XF - xhprof-cve20134433-xss(88085)

BID - 62928

MLIST - [oss-security] 20141015 Re: CVE request: xss in XHProf

CONFIRM - http://pecl.php.net/package-changelog.php?package=xhprof&release=0.9.4


Last Updated: 27 May 2016 11:04:37