exploitDog

GHSA-4fq3-g7gg-vxwr

Опубликовано: 30 окт. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

Cross-site scripting (XSS) vulnerability in Zucchetti Ad Hoc Revolution 4.1 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahrw/jsp/gsfr_feditorHTML.jsp endpoint.

Cross-site scripting (XSS) vulnerability in Zucchetti Ad Hoc Revolution 4.1 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahrw/jsp/gsfr_feditorHTML.jsp endpoint.

Ссылки

EPSS

Процентиль: 17%

0.00055

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-52179

CVSS3: 6.1

nvd

3 месяца назад

Cross-site scripting (XSS) vulnerability in Zucchetti Ad Hoc Revolution 4.1 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahrw/jsp/gsfr_feditorHTML.jsp endpoint.

EPSS

Процентиль: 17%

0.00055

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79