CVE-2015-1864 Information
Feb 14, 2021
cve
Description
Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details or the (3) repository (4) repository group or (5) user group description.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Reference
http://www.openwall.com/lists/oss-security/2015/04/14/12 http://www.securityfocus.com/bid/74184 https://kallithea-scm.org/repos/kallithea/changeset/a8f2986afc18c9221bf99f88b06e60ab83c86c55 https://kallithea-scm.org/security/cve-2015-1864.html
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
5.4
Share on: