CVE-2013-7277

Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to saa.php, (2) username parameter to login.php, or (3) keyword_list parameter to keysearch.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
VendorProductVersion
aphpkbaphpkb
𝑥
≤ 0.95.7
aphpkbaphpkb
0.1
aphpkbaphpkb
0.2
aphpkbaphpkb
0.3
aphpkbaphpkb
0.4
aphpkbaphpkb
0.5
aphpkbaphpkb
0.6
aphpkbaphpkb
0.9
aphpkbaphpkb
0.21
aphpkbaphpkb
0.31
aphpkbaphpkb
0.33
aphpkbaphpkb
0.35
aphpkbaphpkb
0.38
aphpkbaphpkb
0.39
aphpkbaphpkb
0.41
aphpkbaphpkb
0.42
aphpkbaphpkb
0.43
aphpkbaphpkb
0.44
aphpkbaphpkb
0.45
aphpkbaphpkb
0.51
aphpkbaphpkb
0.52
aphpkbaphpkb
0.53
aphpkbaphpkb
0.54
aphpkbaphpkb
0.55
aphpkbaphpkb
0.56
aphpkbaphpkb
0.57
aphpkbaphpkb
0.58
aphpkbaphpkb
0.59
aphpkbaphpkb
0.61
aphpkbaphpkb
0.62
aphpkbaphpkb
0.63
aphpkbaphpkb
0.64
aphpkbaphpkb
0.65
aphpkbaphpkb
0.66
aphpkbaphpkb
0.67
aphpkbaphpkb
0.70
aphpkbaphpkb
0.71
aphpkbaphpkb
0.72
aphpkbaphpkb
0.73
aphpkbaphpkb
0.74
aphpkbaphpkb
0.75
aphpkbaphpkb
0.76
aphpkbaphpkb
0.77
aphpkbaphpkb
0.78
aphpkbaphpkb
0.79
aphpkbaphpkb
0.80
aphpkbaphpkb
0.81
aphpkbaphpkb
0.82
aphpkbaphpkb
0.83
aphpkbaphpkb
0.84
aphpkbaphpkb
0.85
aphpkbaphpkb
0.86
aphpkbaphpkb
0.87
aphpkbaphpkb
0.88
aphpkbaphpkb
0.88.5
aphpkbaphpkb
0.88.6
aphpkbaphpkb
0.88.7
aphpkbaphpkb
0.88.8
aphpkbaphpkb
0.89
aphpkbaphpkb
0.91
aphpkbaphpkb
0.92
aphpkbaphpkb
0.92.1
aphpkbaphpkb
0.92.2
aphpkbaphpkb
0.92.3
aphpkbaphpkb
0.92.4
aphpkbaphpkb
0.92.5
aphpkbaphpkb
0.92.6
aphpkbaphpkb
0.92.7
aphpkbaphpkb
0.92.8
aphpkbaphpkb
0.92.9
aphpkbaphpkb
0.93.1
aphpkbaphpkb
0.93.2
aphpkbaphpkb
0.93.3
aphpkbaphpkb
0.93.4
aphpkbaphpkb
0.93.5
aphpkbaphpkb
0.93.6
aphpkbaphpkb
0.93.7
aphpkbaphpkb
0.93.8
aphpkbaphpkb
0.93.9
aphpkbaphpkb
0.94.1
aphpkbaphpkb
0.94.2
aphpkbaphpkb
0.94.3
aphpkbaphpkb
0.94.4
aphpkbaphpkb
0.94.5
aphpkbaphpkb
0.94.6
aphpkbaphpkb
0.94.7
aphpkbaphpkb
0.94.8
aphpkbaphpkb
0.94.9
aphpkbaphpkb
0.95
aphpkbaphpkb
0.95.1
aphpkbaphpkb
0.95.2
aphpkbaphpkb
0.95.3
aphpkbaphpkb
0.95.4
aphpkbaphpkb
0.95.5
aphpkbaphpkb
0.95.6
aphpkbaphpkb
0.361
aphpkbaphpkb
0.371
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://aphpkb.blogspot.dk/2013/12/release-of-aphpkb-0958.html
http://osvdb.org/101467
http://osvdb.org/101491
http://osvdb.org/101492
http://secunia.com/advisories/56228
http://sourceforge.net/p/aphpkb/code/91
http://www.securityfocus.com/bid/64550
https://www.netsparker.com/critical-xss-vulnerabilities-andy-php-knowledgebase
http://aphpkb.blogspot.dk/2013/12/release-of-aphpkb-0958.html
http://osvdb.org/101467
http://osvdb.org/101491
http://osvdb.org/101492
http://secunia.com/advisories/56228
http://sourceforge.net/p/aphpkb/code/91
http://www.securityfocus.com/bid/64550
https://www.netsparker.com/critical-xss-vulnerabilities-andy-php-knowledgebase