CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 0CVE-2013-6111
https://notcve.org/view.php?id=CVE-2013-6111
Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.x, 1.0.22.7, 1.1.x, 1.24.1, 1.3.25.1 through 1.3.25.4, 1.4.26.1 through 1.4.26.4, 1.5.27.1 through 1.5.27.3, and 1.6.29.1 through 1.6.29.6 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en el módulo mod_pagespeed 0.x, 1.0.22.7, 1.1.x, 1.24.1, hasta 1.3.25.1 1.3.25.4, 1.4.26.1 nasta1.4.26.4, 1.5.27.1 hasta 1.5. 27.3 y 1.6.29.1 1.6.29.6 hasta de Apache HTTP Server permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://osvdb.org/99081 http://secunia.com/advisories/55429 http://www.securitytracker.com/id/1029262 https://groups.google.com/d/msg/mod-pagespeed-announce/oo015UHRxMc/JcAuf1hE8L8J • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2012-4001
https://notcve.org/view.php?id=CVE-2012-4001
The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers. El módulo mod_pagespeed anterior a v0.10.22.6 para Apache HTTP Server no verifica de forma adecuada su nombre de host, lo que permite a atacantes remotos provocar peticiones HTTP a cualquier hosts, a través de vectores no especificados, como lo demuestran las peticiones a los servidores de la intranet. • https://developers.google.com/speed/docs/mod_pagespeed/CVE-2012-4001 https://developers.google.com/speed/docs/mod_pagespeed/announce-0.10.22.6 • CWE-20: Improper Input Validation •