Description
ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user-supplied data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page).
References
- Exploit, Patch, Third Party Advisory, VDB Entry
- Patch, Release Notes, Vendor Advisory
- Exploit, Patch, Third Party Advisory, VDB Entry
- Patch, Release Notes, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 14.2.3 (excluding)
cpe:2.3:a:serverscheck:monitoring_software:*:*:*:*:*:*:*:*
EPSS: 0.00223 (Low)
Percentile: 45%
CVSS3: 5.4 Medium
CVSS2: 3.5 Low
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 5.4
github
more than 3 years ago
ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user-supplied data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page).