exploitDog

GHSA-pm7v-mjff-mxvv

Опубликовано: 22 апр. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 4.6

Описание

Cross-Site Scripting (XSS) vulnerability in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within all editable parameters within the 'General' and 'Team ID' functionalities, which could result in a session takeover.

Cross-Site Scripting (XSS) vulnerability in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within all editable parameters within the 'General' and 'Team ID' functionalities, which could result in a session takeover.

Ссылки

EPSS

Процентиль: 38%

0.00169

Низкий

4.6 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2024-4026

CVSS3: 4.6

nvd

почти 2 года назад

Cross-Site Scripting (XSS) vulnerability in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within all editable parameters within the 'General' and 'Team ID' functionalities, which could result in a session takeover.

EPSS

Процентиль: 38%

0.00169

Низкий

4.6 Medium

CVSS3

CVE ID

Дефекты

CWE-79