CVE-2015-2974

LEMON-S PHP Gazou BBS + <2.36 - XSS

Title source: llm
STIX 2.1

Description

LEMON-S PHP Gazou BBS plus before 2.36 allows remote attackers to upload arbitrary HTML documents via vectors involving a crafted image file.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_confirm
http://jvn.jp/en/jp/JVN86680970/995636/index.html
Vendor Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000106
Vendor Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN86680970/index.html

Scores

EPSS 0.0134
EPSS Percentile 68.0%

Details

CWE
CWE-20
Status published
Products (1)
lemon-s_php/gazou_bbs_plus < 2.35
Published Jul 29, 2015
Tracked Since Feb 18, 2026