Описание
All known versions of the Orpak SiteOmat web management console is vulnerable to multiple instances of Stored Cross-site Scripting due to improper external user-input validation. An attacker with access to the web interface is able to hijack sessions or navigate victims outside of SiteOmat, to a malicious server owned by him.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.4.414.084 (исключая)
cpe:2.3:a:orpak:siteomat:*:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00444
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
All known versions of the Orpak SiteOmat web management console is vulnerable to multiple instances of Stored Cross-site Scripting due to improper external user-input validation. An attacker with access to the web interface is able to hijack sessions or navigate victims outside of SiteOmat, to a malicious server owned by him.
EPSS
Процентиль: 63%
0.00444
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79