Описание
Cross-site scripting (XSS) vulnerability in N-Stealth Commercial Edition before 5.8.0.38 and Free Edition before 5.8.1.03 allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report.
Ссылки
- ExploitPatchVendor Advisory
- ExploitPatchVendor Advisory
- Patch
- ExploitPatchVendor Advisory
- ExploitPatchVendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:n-stalker:n-stealth:commercial_5.8:*:*:*:*:*:*:*
cpe:2.3:a:n-stalker:n-stealth:free_5.8:*:*:*:*:*:*:*
EPSS
Процентиль: 62%
0.0043
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Cross-site scripting (XSS) vulnerability in N-Stealth Commercial Edition before 5.8.0.38 and Free Edition before 5.8.1.03 allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report.
EPSS
Процентиль: 62%
0.0043
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other