Описание
Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to sdccommon/verify/asp/n6plugindestructor.asp.
Ссылки
- Vendor Advisory
- PatchVendor Advisory
- PatchUS Government Resource
- Exploit
- Exploit
- Vendor Advisory
- PatchVendor Advisory
- PatchUS Government Resource
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:consona:consona_live_assistance:*:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:consona:consona_dynamic_agent:-:-:enterprise:*:*:*:*:*
cpe:2.3:a:consona:consona_dynamic_agent:-:-:marketing:*:*:*:*:*
cpe:2.3:a:consona:consona_dynamic_agent:-:-:support:*:*:*:*:*
Конфигурация 3
cpe:2.3:a:consona:consona_subscriber_assistance:*:*:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03287
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to sdccommon/verify/asp/n6plugindestructor.asp.
EPSS
Процентиль: 87%
0.03287
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79