Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-rmp7-f2vp-3rq4

Опубликовано: 20 апр. 2021
Источник: github
Github: Прошло ревью
CVSS3: 5.4

Описание

Cross-site scripting in SiCKRAGE

in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive information.

Ссылки

Пакеты

Наименование

sickrage

pip
Затронутые версииВерсия исправления

>= 4.2.0, <= 10.0.11.dev1

10.0.11.dev2

EPSS

Процентиль: 40%
0.00185
Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2021-25925

Дефекты

CWE-79

Связанные уязвимости

nvd логотип

CVE-2021-25925

CVSS3: 5.4
nvd
почти 5 лет назад

in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive information.

EPSS

Процентиль: 40%
0.00185
Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2021-25925

Дефекты

CWE-79