CVE-2017-20182

Опубликовано: 10 мар. 2023

Источник: nvd

CVSS3: 3.5

CVSS3: 6.1

CVSS2: 4

EPSS Низкий

Описание

A vulnerability was found in Mobile Vikings Django AJAX Utilities up to 1.2.1 and classified as problematic. This issue affects the function Pagination of the file django_ajax/static/ajax-utilities/js/pagination.js of the component Backslash Handler. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The patch is named 329eb1dd1580ca1f9d4f95bc69939833226515c9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222611.

Ссылки

https://github.com/mvpoland/django-ajax-utilities/commit/329eb1dd1580ca1f9d4f95bc69939833226515c9
Patch
https://vuldb.com/?ctiid.222611
Permissions Required
Third Party Advisory
VDB Entry
https://vuldb.com/?id.222611
Third Party Advisory
VDB Entry
https://github.com/mvpoland/django-ajax-utilities/commit/329eb1dd1580ca1f9d4f95bc69939833226515c9
Patch
https://vuldb.com/?ctiid.222611
Permissions Required
Third Party Advisory
VDB Entry
https://vuldb.com/?id.222611
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mobilevikings:django_ajax_utilities:*:*:*:*:*:*:*:*

Версия до 1.2.1 (включая)

EPSS

Процентиль: 22%

0.00073

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-p4g9-c9qr-wmg5

CVSS3: 6.1

github

почти 3 года назад

Cross-site Scripting in django-ajax-utilities

EPSS

Процентиль: 22%

0.00073

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79