Vulnerability CVE-2019-9605

Vulnerability CVE-2019-9605

Published: 2019-03-29

Description:

PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Reflected Cross-site Scripting (XSS) via the err value in a .ico picture upload.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
3.5/10	2.9/10	6.8/10

Exploit range	Attack complexity	Authentication
Remote	Medium	Single time
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

Affected software
Online lottery php readymade script project -> Online lottery php readymade script

References:

https://hackingvila.wordpress.com/2019/03/06/php-scripts-mall-online-lottery-php-readymade-script-1-7-0-has-reflected-cross-site-scripting-xss-via-the-err-value-in-a-ico-picture-uploadcve-2019-9605/

Vulnerability CVE-2019-9605

PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Reflected Cross-site Scripting (XSS) via the err value in a .ico picture upload.

CWE-79

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

3.5/10

2.9/10

6.8/10

Remote

Medium

Single time

None

Partial

None

Affected software

References: