exploitDog

GHSA-fc56-476w-j7fm

Опубликовано: 17 дек. 2021

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter.

Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter.

Ссылки

EPSS

Процентиль: 99%

0.78911

Высокий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-74

Связанные уязвимости

CVE-2021-45092

CVSS3: 9.8

nvd

около 4 лет назад

Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter.

EPSS

Процентиль: 99%

0.78911

Высокий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-74