Описание
Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.0 (включая)
Одно из
cpe:2.3:a:cyber-ark:password_vault_web_access:*:*:*:*:*:*:*:*
cpe:2.3:a:cyber-ark:password_vault_web_access:4.0:*:*:*:*:*:*:*
cpe:2.3:a:cyber-ark:password_vault_web_access:5.5:*:*:*:*:*:*:*
cpe:2.3:a:cyber-ark:password_vault_web_access:5.5:patch4:*:*:*:*:*:*
cpe:2.3:a:cyber-ark:password_vault_web_access:6.0:*:*:*:*:*:*:*
cpe:2.3:a:cyber-ark:password_vault_web_access:6.0:patch2:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.00285
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
EPSS
Процентиль: 52%
0.00285
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79