exploitDog

CVE-2018-1000163

Опубликовано: 18 апр. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Floodlight version 1.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in the web console that can result in javascript injections into the web page. This attack appears to be exploitable via the victim browsing the web console.

Ссылки

https://xiaofen9.github.io/blog/floodlight-rce/
Exploit
Third Party Advisory
https://xiaofen9.github.io/blog/floodlight-rce/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:projectfloodlight:floodlight:*:*:*:*:*:*:*:*

Версия до 1.2 (включая)

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-rfx8-7jqh-g9mf

CVSS3: 6.1

github

больше 3 лет назад

Floodlight version 1.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in the web console that can result in javascript injections into the web page. This attack appears to be exploitable via the victim browsing the web console.

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79