exploitDog

GHSA-4cm4-r3q9-95wh

Опубликовано: 03 нояб. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks.

SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks.

Ссылки

EPSS

Процентиль: 56%

0.00338

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-42753

CVSS3: 6.1

nvd

больше 3 лет назад

SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks.

EPSS

Процентиль: 56%

0.00338

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79