MEDIUM
Bilboplanet
CVE published 2017-02-24
CVE-2014-9916
CVE-2014-9916 covers multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0. According to the CVE description, remote attackers can inject arbitrary web script or HTML through the tribe_name and tags parameters in tribes page requests to user/, as well as the user_id and fullname parameters in signup.php. NVD lists the weakness as CWE-79 and assigns a CVSS v3.1 score of 6.1 (medium).