CVE-2017-7871
MEDIUMtdm < 2017-04-12 - Reflected Cross-Site Scripting via Webhook Challenge Parameter
Title source: llmDescription
trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter).
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/trollepierre/tdm/commit/2e89019d6a491f0a5ac3db8732181f6eb1d219aa
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/trollepierre/tdm/issues/50
Scores
CVSS v3
6.1
EPSS
0.0073
EPSS Percentile
50.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
tdm_project/tdm
< 2017-04-12
Published
Apr 14, 2017
Tracked Since
Feb 18, 2026