phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 35 |
| phoronix-media | phoronix_test_suite | * |
| fedoraproject | fedora | 34 |
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 35 |
| phoronix-media | phoronix_test_suite | * |
| fedoraproject | fedora | 34 |
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 35 |
| phoronix-media | phoronix_test_suite | * |
| fedoraproject | fedora | 34 |
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 35 |
| phoronix-media | phoronix_test_suite | * |
| fedoraproject | fedora | 34 |
Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 36 |
| fedoraproject | fedora | 35 |
| fedoraproject | extra_packages_for_enterprise_linux | 9.0 |
| phoronix-media | phoronix_test_suite | * |
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 |
| fedoraproject | fedora | 34 |
| fedoraproject | extra_packages_for_enterprise_linux | 7.0 |
A XSS vulnerability was found in phoromatic_r_add_test_details.php in phoronix-test-suite.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| phoronix-media | phoronix_test_suite | * |