Описание
MySource Matrix after 3.8 allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sq_content_src parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:squiz:mysource_matrix:3.8:*:*:*:*:*:*:*
cpe:2.3:a:squiz:mysource_matrix:3.8.2:*:*:*:*:*:*:*
cpe:2.3:a:squiz:mysource_matrix:3.8.3:*:*:*:*:*:*:*
cpe:2.3:a:squiz:mysource_matrix:3.8.4:*:*:*:*:*:*:*
cpe:2.3:a:squiz:mysource_matrix:3.8.5:*:*:*:*:*:*:*
cpe:2.3:a:squiz:mysource_matrix:3.8.6a:*:*:*:*:*:*:*
cpe:2.3:a:squiz:mysource_matrix:3.10:*:*:*:*:*:*:*
cpe:2.3:a:squiz:mysource_matrix:3.10.1:*:*:*:*:*:*:*
EPSS
Процентиль: 79%
0.01222
Низкий
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
** DISPUTED ** MySource Matrix after 3.8 allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sq_content_src parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability."
EPSS
Процентиль: 79%
0.01222
Низкий
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other