Описание
Cross-site scripting (XSS) vulnerability in the Splash Portal in Cloud4Wi before 5.9.7 allows remote attackers to inject arbitrary web script or HTML via the recoveryMessage parameter to the default URI.
Ссылки
- Mailing ListThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- Release NotesThird Party Advisory
- Mailing ListThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- Release NotesThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:cloud4wi:splash_portal:5.9.6:*:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.00495
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
Cross-site scripting (XSS) vulnerability in the Splash Portal in Cloud4Wi before 5.9.7 allows remote attackers to inject arbitrary web script or HTML via the recoveryMessage parameter to the default URI.
EPSS
Процентиль: 65%
0.00495
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79