Total vulnerabilities in the database
Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a resulting error message, as demonstrated using a hex-encoded IFRAME tag.
| Software | From | Fixed in |
|---|---|---|
| cpaint / cpaint | 1.3_sp | 1.3_sp.x |
| cpaint / cpaint | 2.0.1 | 2.0.1.x |
| cpaint / cpaint | 1.01 | 1.01.x |
| cpaint / cpaint | 1.2 | 1.2.x |
| cpaint / cpaint | 1.0 | 1.0.x |
| cpaint / cpaint | 2.0.2 | 2.0.2.x |
| cpaint / cpaint | 1.3 | 1.3.x |
| cpaint / cpaint | 1.3_sp1 | 1.3_sp1.x |
| cpaint / cpaint | 2.0.0 | 2.0.0.x |
| cpaint / cpaint | pre1.0 | pre1.0.x |