exploitDog

GHSA-mq63-cgjw-m94m

Опубликовано: 16 мар. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a malicious state parameter.

A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a malicious state parameter.

Ссылки

EPSS

Процентиль: 76%

0.00928

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-1421

CVSS3: 3.5

nvd

почти 3 года назад

A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a malicious state parameter.

CVE-2023-1421

CVSS3: 3.5

debian

почти 3 года назад

A reflected cross-site scripting vulnerability in the OAuth flow compl ...

EPSS

Процентиль: 76%

0.00928

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79