exploitDog

GHSA-5cc6-72p2-g6hh

Опубликовано: 15 апр. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) attack.

An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) attack.

Ссылки

EPSS

Процентиль: 43%

0.00206

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-45227

CVSS3: 5.4

nvd

почти 4 года назад

An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) attack.

EPSS

Процентиль: 43%

0.00206

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79