CVE-2019-13488

MEDIUM

6.1

CVSS Severity Score

EPSS Score0.0290%

EPSS Percentile22.26th

Published2019年7月10日

Last Modified2024年11月21日

Vulnerability Description

A cross-site scripting (XSS) vulnerability in static/js/trape.js in Trape through 2019-05-08 allows remote attackers to inject arbitrary web script or HTML via the country, query, or refer parameter to the /register URI, because the jQuery prepend() method is used.

Affected Platforms (CPE)

📦

Trape Project

Trape

<= 2019-05-08

References & Advisories

🔗 https://github.com/jofpin/trape/issues/169

相关漏洞威胁

CVE-2017-177139.8

Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, ...

CVE-2019-134899.8

Trape through 2019-05-08 has SQL injection via the data[2] variable in core/db.py, as demonstrated by the /bs t parameter.

CVE-2017-177146.1

Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /regis...

CVE-2019-623510.0

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12...