Описание
Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job.
Ссылки
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Issue Tracking
- Issue TrackingThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Issue Tracking
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:beaker-project:beaker:20.1:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00393
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job.
EPSS
Процентиль: 60%
0.00393
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79