Описание
Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed.
Ссылки
- PatchVendor Advisory
- Vendor AdvisoryURL Repurposed
- PatchVendor Advisory
- Vendor AdvisoryURL Repurposed
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:valicert:enterprise_validation_authority:3.3:*:*:*:*:*:*:*
cpe:2.3:a:valicert:enterprise_validation_authority:3.4:*:*:*:*:*:*:*
cpe:2.3:a:valicert:enterprise_validation_authority:3.5:*:*:*:*:*:*:*
cpe:2.3:a:valicert:enterprise_validation_authority:3.6:*:*:*:*:*:*:*
cpe:2.3:a:valicert:enterprise_validation_authority:3.7:*:*:*:*:*:*:*
cpe:2.3:a:valicert:enterprise_validation_authority:3.8:*:*:*:*:*:*:*
cpe:2.3:a:valicert:enterprise_validation_authority:3.9:*:*:*:*:*:*:*
cpe:2.3:a:valicert:enterprise_validation_authority:4.0:*:*:*:*:*:*:*
cpe:2.3:a:valicert:enterprise_validation_authority:4.1:*:*:*:*:*:*:*
cpe:2.3:a:valicert:enterprise_validation_authority:4.2:*:*:*:*:*:*:*
cpe:2.3:a:valicert:enterprise_validation_authority:4.2.1:*:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.01822
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed.
EPSS
Процентиль: 83%
0.01822
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other