exploitDog

GHSA-7546-wrqf-3fph

Опубликовано: 14 апр. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload.

AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload.

Ссылки

EPSS

Процентиль: 27%

0.00098

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-29847

CVSS3: 5.4

nvd

почти 3 года назад

AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload.

EPSS

Процентиль: 27%

0.00098

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79