exploitDog

GHSA-vcfh-ffm4-cq9m

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to inject arbitrary web script or HTML via the command parameter to the administration interface, as demonstrated by the command parameter to ESAdmin/collection.do.

Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to inject arbitrary web script or HTML via the command parameter to the administration interface, as demonstrated by the command parameter to ESAdmin/collection.do.

Ссылки

EPSS

Процентиль: 49%

0.00256

Низкий

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2010-3890

nvd

около 15 лет назад

Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to inject arbitrary web script or HTML via the command parameter to the administration interface, as demonstrated by the command parameter to ESAdmin/collection.do.

EPSS

Процентиль: 49%

0.00256

Низкий

CVE ID

Дефекты

CWE-79