Cross-Site Scripting Vulnerabilities in nGrinder by Naver
CVE-2016-5060

6.1MEDIUM

Key Information:

Vendor

Naver

Status
Ngrinder
Vendor
CVE Published:
13 December 2016

What is CVE-2016-5060?

Multiple cross-site scripting vulnerabilities in nGrinder versions prior to 3.4 allow remote attackers to inject arbitrary web scripts or HTML through the user parameters: description, email, and username. Exploiting these vulnerabilities can lead to unauthorized data access and manipulation, significantly affecting the security posture of applications relying on nGrinder.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/naver/ngrinder/releases/tag/ngrinder-3...
x_refsource_CONFIRM
http://packetstormsecurity.com/files/137469/nGrinder-3.3-...
x_refsource_MISC
http://seclists.org/fulldisclosure/2016/Jun/23
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.