exploitDog

GHSA-7662-cpv6-522m

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

A universal Cross-site scripting (UXSS) vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any loaded 3rd-party IFrame.

A universal Cross-site scripting (UXSS) vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any loaded 3rd-party IFrame.

Ссылки

EPSS

Процентиль: 52%

0.00286

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2019-12592

CVSS3: 6.1

nvd

больше 6 лет назад

A universal Cross-site scripting (UXSS) vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any loaded 3rd-party IFrame.

EPSS

Процентиль: 52%

0.00286

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79