exploitDog

GHSA-w398-xm3m-xwv3

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Add announcement function in the 101EIP system does not filter special characters, which allows authenticated users to inject JavaScript and perform a stored XSS attack.

Add announcement function in the 101EIP system does not filter special characters, which allows authenticated users to inject JavaScript and perform a stored XSS attack.

Ссылки

EPSS

Процентиль: 46%

0.00235

Низкий

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-32540

CVSS3: 5.4

nvd

больше 4 лет назад

Add announcement function in the 101EIP system does not filter special characters, which allows authenticated users to inject JavaScript and perform a stored XSS attack.

EPSS

Процентиль: 46%

0.00235

Низкий

CVE ID

Дефекты

CWE-79