exploitDog

GHSA-ccj4-7v26-43xx

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in An attacker could execute arbitrary Javascript code in the context of the victim's browser.. This attack appear to be exploitable via HTTP POST request. This vulnerability appears to have been fixed in 5.16-1 Beta.

Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in An attacker could execute arbitrary Javascript code in the context of the victim's browser.. This attack appear to be exploitable via HTTP POST request. This vulnerability appears to have been fixed in 5.16-1 Beta.

Ссылки

EPSS

Процентиль: 49%

0.00263

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2018-1000841

Дефекты

CWE-79

Связанные уязвимости

CVE-2018-1000841

CVSS3: 6.1

nvd

около 7 лет назад

Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in An attacker could execute arbitrary Javascript code in the context of the victim's browser.. This attack appear to be exploitable via HTTP POST request. This vulnerability appears to have been fixed in 5.16-1 Beta.

EPSS

Процентиль: 49%

0.00263

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2018-1000841

Дефекты

CWE-79