GHSA-x347-fc9w-w7c3

Опубликовано: 06 янв. 2023

Источник: github

Github: Прошло ревью

CVSS3: 5.4

Описание

Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution

The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by levering the automation API.

Ссылки

Пакеты

Наименование

org.nuxeo.ecm.platform:nuxeo-platform-oauth

maven

Затронутые версииВерсия исправления

<= 10.10

Отсутствует

EPSS

Процентиль: 55%

0.00318

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2021-32828

Дефекты

CWE-502

CWE-79

Связанные уязвимости

CVE-2021-32828

CVSS3: 5.4

nvd

около 3 лет назад

The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the `oauth2` REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by levering the automation API.

EPSS

Процентиль: 55%

0.00318

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2021-32828

Дефекты

CWE-502

CWE-79