Описание
Azure Migrate Cross-Site Scripting Vulnerability
FAQ
What actions do customers need to take to protect themselves from this vulnerability?
The vulnerability has been mitigated by the latest change to the Azure Migrate Appliance. See here for information on how to ensure your Azure Migrate Appliance can get the latest Azure Migrate Agent and ConfigManager updates.
According to the CVSS metric, the attack vector is Network (AV:N), the attack complexity is Low (AC:L) and the privileges required is None (PR:L). What does this mean for this vulnerability?
An authenticated attacker could store a malicious JavaScript code in a parameter. This payload would get stored and execute a Stores-XSS when the webpage is rendered.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Azure Migrate Cross-Site Scripting Vulnerability
Уязвимость службы для переноса данных из локальной среды Azure Migrate, позволяющая нарушителю осуществить межсайтовую сценарную атаку
EPSS
6.5 Medium
CVSS3