Home

CVE-2016-10245

Description

Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection.

Risk Information

Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.505

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2016-10245 are affected in Doxygen 1.8.11Windows
Documentation system for C, C++, Java, Python and other languages (USN-4002-1) doxygen_1.8.11-1ubuntu0.1_i386.debLinux
Documentation system for C, C++, Java, Python and other languages (USN-4002-1) doxygen_1.8.11-1ubuntu0.1_amd64.debLinux
SUSE-SU-2019:1570-1(SUSE Linux Enterprise Desktop 12-SP4 ) doxygen-1.8.6-3.3.1.x86_64.rpmLinux
SUSE-SU-2019:1570-1(SUSE Linux Enterprise Desktop 12-SP3 ) doxygen-debuginfo-1.8.6-3.3.1.x86_64.rpmLinux
SUSE-SU-2019:1570-1(SUSE Linux Enterprise Desktop 12-SP4 ) doxygen-debugsource-1.8.6-3.3.1.x86_64.rpmLinux
(RHSA-2020:1034) doxygen security and bug fix update doxygen-1.8.5-4.el7.x86_64.rpmLinux
(RHSA-2020:1034) doxygen security and bug fix update doxygen-doxywizard-1.8.5-4.el7.x86_64.rpmLinux
(RHSA-2020:1034) doxygen security and bug fix update doxygen-latex-1.8.5-4.el7.x86_64.rpmLinux
(CESA-2020:1034) doxygen security and bug fix update doxygen-1.8.5-4.el7.x86_64.rpmLinux
(CESA-2020:1034) doxygen security and bug fix update doxygen-doxywizard-1.8.5-4.el7.x86_64.rpmLinux
(CESA-2020:1034) doxygen security and bug fix update doxygen-latex-1.8.5-4.el7.x86_64.rpmLinux
(RHSA-2020:1034)Low: security and bug fix update doxygen-debuginfo-1.8.5-4.el7.x86_64.rpmLinux
Doxygen update (ELSA-2020-1034) doxygen-1.8.5-4.el7.x86_64.rpmLinux
doxygen Security Update (ALAS-2020-1508) doxygen-1.8.5-4.amzn2.x86_64.rpmLinux
doxygen Security Update (ALAS-2020-1508) doxygen-latex-1.8.5-4.amzn2.x86_64.rpmLinux
doxygen Security Update (ALAS-2020-1508) doxygen-doxywizard-1.8.5-4.amzn2.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-348269Doxygen (1.14.0)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234