exploitDog

GHSA-cm2p-96gm-hwf2

Опубликовано: 13 авг. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 4.8

Описание

A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of a rule node.

A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of a rule node.

Ссылки

EPSS

Процентиль: 73%

0.00745

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-42751

CVSS3: 4.8

nvd

больше 3 лет назад

A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of a rule node.

EPSS

Процентиль: 73%

0.00745

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79