CVE-2016-10245

Published: 24/05/2019 | Updated: 03/06/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

A vulnerability in Doxygen could allow an unauthenticated, remote malicious user to conduct a cross-site scripting (XSS) attack on a targeted system. The vulnerability is due to insufficient sanitization of the query parameter in the templates/html/search_opensearch.php code of the affected software. An attacker could exploit this vulnerability by persuading a user to access a link that submits malicious input to the system. A successful exploit could allow the malicious user to execute arbitrary script or HTML code in the context of the affected site and access sensitive browser-based information. Doxygen has confirmed the vulnerability and released software updates.

Affected Products

Vendor: Doxygen
Product: Doxygen
Versions: 1.0.0, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.8.1, 1.2.9, 1.2.9.1, 1.2.10, 1.2.11, 1.2.11.1, 1.2.12, 1.2.13, 1.2.13.1, 1.2.14, 1.2.15, 1.2.16, 1.2.17, 1.2.18, 1.3, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 1.3.9, 1.3.9.1, 1.3.rc1, 1.3.rc2, 1.3.rc3, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.7.1, 1.5.8, 1.5.9, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.5.1, 1.7.6, 1.7.6.1, 1.8.0, 1.8.1, 1.8.1.1, 1.8.1.2, 1.8.2, 1.8.3, 1.8.3.1, 1.8.4, 1.8.5, 1.8.6, 1.8.7, 1.8.8, 1.8.9, 1.8.9.1, 1.8.10, 1.8.11

Vendor Advisories

Doxygen could be made to run scripts as your login if it received a specially crafted query ...
Impact: Low | Public Date: 2019-05-24 | CWE: CWE-352 | Bugzilla: 1714190: CVE-2016-10245 doxygen: cross-site ...