Описание
Cross-site scripting (XSS) vulnerability in the events page in the System iNtrusion Analysis and Reporting Environment (SNARE) for Linux agent before 1.7.0 allows remote attackers to inject arbitrary web script or HTML via a logged shell command.
Ссылки
Уязвимые конфигурации
Конфигурация 1Версия до 1.5.1 (включая)
Одно из
cpe:2.3:a:intersectalliance:system_intrusion_analysis_and_reporting_environment:*:*:*:*:*:linux_kernel:*:*
cpe:2.3:a:intersectalliance:system_intrusion_analysis_and_reporting_environment:1.4:1:*:*:*:linux_kernel:*:*
cpe:2.3:a:intersectalliance:system_intrusion_analysis_and_reporting_environment:1.4.1:1:*:*:*:linux_kernel:*:*
cpe:2.3:a:intersectalliance:system_intrusion_analysis_and_reporting_environment:1.4.1:2:*:*:*:linux_kernel:*:*
cpe:2.3:a:intersectalliance:system_intrusion_analysis_and_reporting_environment:1.5.0:*:*:*:*:linux_kernel:*:*
EPSS
Процентиль: 42%
0.00199
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
Cross-site scripting (XSS) vulnerability in the events page in the System iNtrusion Analysis and Reporting Environment (SNARE) for Linux agent before 1.7.0 allows remote attackers to inject arbitrary web script or HTML via a logged shell command.
EPSS
Процентиль: 42%
0.00199
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79