Описание
ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:elabftw:elabftw:1.7.8:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.0032
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service.
EPSS
Процентиль: 55%
0.0032
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79