exploitDog

GHSA-3q2f-wr5w-xp3w

Опубликовано: 02 апр. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitary code via the X-Forwarded-Host Header.

Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitary code via the X-Forwarded-Host Header.

Ссылки

EPSS

Процентиль: 88%

0.04272

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-24181

CVSS3: 6.1

nvd

почти 4 года назад

Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitary code via the X-Forwarded-Host Header.

EPSS

Процентиль: 88%

0.04272

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79