Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-xmmg-4cv8-23px

Опубликовано: 16 фев. 2024
Источник: github
Github: Не прошло ревью
CVSS3: 4.6

Описание

DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an injected HTML form.

DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an injected HTML form.

Ссылки

EPSS

Процентиль: 36%
0.00149
Низкий

4.6 Medium

CVSS3

CVE ID

CVE-2024-22854

Дефекты

CWE-601
CWE-79

Связанные уязвимости

nvd логотип

CVE-2024-22854

CVSS3: 6.1
nvd
почти 2 года назад

DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an injected HTML form.

EPSS

Процентиль: 36%
0.00149
Низкий

4.6 Medium

CVSS3

CVE ID

CVE-2024-22854

Дефекты

CWE-601
CWE-79