exploitDog

GHSA-cxv4-2vr2-784m

Опубликовано: 21 янв. 2026

Источник: github

Github: Не прошло ревью

CVSS4: 5.1

CVSS3: 7.2

Описание

Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the Default Icon.

Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the Default Icon.

Ссылки

EPSS

Процентиль: 9%

0.00032

Низкий

5.1 Medium

CVSS4

7.2 High

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-47855

CVSS3: 7.2

nvd

17 дней назад

Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the Default Icon.

EPSS

Процентиль: 9%

0.00032

Низкий

5.1 Medium

CVSS4

7.2 High

CVSS3

CVE ID

Дефекты

CWE-79