exploitDog

GHSA-wpwv-j45h-pwcg

Опубликовано: 22 мар. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitrary code and obtain sensitive information via the title parameter when creating an album.

Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitrary code and obtain sensitive information via the title parameter when creating an album.

Ссылки

EPSS

Процентиль: 48%

0.0025

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2024-25807

CVSS3: 6.1

nvd

почти 2 года назад

Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitrary code and obtain sensitive information via the title parameter when creating an album.

EPSS

Процентиль: 48%

0.0025

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79