Home > Vulnerability Database > WS-2013-0017

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

WS-2013-0017

Good to know:

Date: March 14, 2013

Cross-site Scripting (XSS) in dcwatson bbcode before 1.0.9, attacks due to not escaping some symbols.

Language: Python

Severity Score

4.7

Related Resources (3)

Url: https://github.com/dcwatson/bbcode/issues/4

Url: https://github.com/dcwatson/bbcode/commit/116cb2067003e6c6f679ed3a34e9e00a97a332cf

Url: https://www.mend.io/vulnerability-database/WS-2013-0017

Severity Score

4.7

Weakness Type (CWE)

Code

CWE-17

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version bbcode - 1.0.9

CVSS v3.1

Base Score:	4.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Do you need more information?

Contact Us