CVE-2016-1229

NONE EPSS 62.4%
Published Jun 5, 201610y ago · Modified Jun 17, 20262w ago
Find Similar
Published Jun 5, 2016 10y ago
Last Modified Jun 17, 2026 2w ago

Description

Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Threat Intelligence

EPSS Exploit Probability
62.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 6

VendorProductVersionRange
humhubhumhub0.20.0any
humhubhumhub0.20.0any
humhubhumhub0.20.0any
humhubhumhub0.20.1any
humhubhumhub1.0.0any
humhubhumhub1.0.0any

References 3

  • jvn.jp http://jvn.jp/en/jp/JVN56167268/index.html
    Vendor Advisory
  • jvndb.jvn.jp http://jvndb.jvn.jp/jvndb/JVNDB-2016-000068
    Vendor Advisory
  • github.com https://github.com/humhub/humhub/releases/tag/v1.0.0-beta.3
    Patch

Remediation

  • github.com https://github.com/humhub/humhub/releases/tag/v1.0.0-beta.3
    Patch