exploitDog

GHSA-rhmr-8qxw-mm32

Опубликовано: 04 дек. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 5.3

CVSS3: 5.4

Описание

TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site scripting via the Open Object in Tree endpoint, allowing attackers to steal session cookies and potentially escalate privileges.

TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site scripting via the Open Object in Tree endpoint, allowing attackers to steal session cookies and potentially escalate privileges.

Ссылки

EPSS

Процентиль: 8%

0.0003

Низкий

5.3 Medium

CVSS4

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-66574

CVSS3: 5.4

nvd

2 месяца назад

TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site scripting via the `Open Object in Tree` endpoint, allowing attackers to steal session cookies and potentially escalate privileges.

EPSS

Процентиль: 8%

0.0003

Низкий

5.3 Medium

CVSS4

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79