CVE-2017-16009

Опубликовано: 04 июн. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

ag-grid is an advanced data grid that is library agnostic. ag-grid is vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if AngularJS is used in combination with ag-grid.

Ссылки

https://github.com/ceolter/ag-grid/issues/1287
Issue Tracking
Third Party Advisory
https://nodesecurity.io/advisories/327
Broken Link
Third Party Advisory
https://spring.io/blog/2016/01/28/angularjs-escaping-the-expression-sandbox-for-xss
Exploit
Technical Description
Third Party Advisory
https://github.com/ceolter/ag-grid/issues/1287
Issue Tracking
Third Party Advisory
https://nodesecurity.io/advisories/327
Broken Link
Third Party Advisory
https://spring.io/blog/2016/01/28/angularjs-escaping-the-expression-sandbox-for-xss
Exploit
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:ag-grid:ag-grid:*:*:*:*:*:*:*:*

Версия до 27.0.0 (исключая)

cpe:2.3:a:angularjs:angularjs:*:*:*:*:*:*:*:*

Версия до 1.6 (исключая)

EPSS

Процентиль: 65%

0.00494

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-wfw3-rgfr-6g67