CVE-2023-3726

Опубликовано: 04 янв. 2024

Источник: debian

EPSS Низкий

Описание

OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting.

Пакет	Статус	Версия исправления	Релиз	Тип
ocsinventory-server	unfixed			package

https://fluidattacks.com/advisories/creed/
https://github.com/OCSInventory-NG/OCSInventory-ocsreports/pull/1545
https://github.com/OCSInventory-NG/OCSInventory-ocsreports/commit/78b5545b0a2e3e484605d9364424d6b924897aaf (2.12.1)
https://github.com/OCSInventory-NG/OCSInventory-ocsreports/commit/91780aefb904c9eac114e99246b3bef0d4e7d83c (2.12.1)
Only supported behind an authenticated HTTP zone

EPSS

Процентиль: 19%

0.00059

Низкий

CVE-2023-3726

CVSS3: 6.9

ubuntu

около 2 лет назад

OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting.

CVE-2023-3726

CVSS3: 6.9

nvd

около 2 лет назад

OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting.

GHSA-vrmh-7wgx-mjw7

CVSS3: 4.9

github

около 2 лет назад

OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting.

EPSS

Процентиль: 19%

0.00059

Низкий