exploitDog

GHSA-wqvj-w8h2-pwwr

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1.

Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1.

Ссылки

EPSS

Процентиль: 14%

0.00046

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2017-18176

CVSS3: 5.4

nvd

почти 8 лет назад

Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1.

EPSS

Процентиль: 14%

0.00046

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79