exploitDog

GHSA-c33v-j96v-576w

Опубликовано: 09 фев. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file.

A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file.

Ссылки

EPSS

Процентиль: 79%

0.01302

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-43635

CVSS3: 6.1

nvd

около 4 лет назад

A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file.

EPSS

Процентиль: 79%

0.01302

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79