CVE-2015-2796
MEDIUMProjectPier - Cross-Site Scripting via Search Parameter
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ProjectPier-Core allow remote attackers to inject arbitrary web script or HTML via the search_for parameter to (1) search_by_tag.php, (2) search_contacts.php, or (3) search.php.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/Project-Pier/ProjectPier-Core/commit/74ecbd4e939a65ba643a4af05fbdb1bb66992435
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/Project-Pier/ProjectPier-Core/issues/37
Scores
CVSS v3
6.1
EPSS
0.0108
EPSS Percentile
61.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
projectpier/projectpier
0.8.8
Published
Feb 02, 2018
Tracked Since
Feb 18, 2026