Описание
FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in GET variable used within registration sub menu page that can result in unauthorised actions and access to data, stealing session information. This vulnerability appears to have been fixed in after commit 22b09a3.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:flightairmap:flightairmap:0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:flightairmap:flightairmap:0.2:beta1:*:*:*:*:*:*
cpe:2.3:a:flightairmap:flightairmap:0.5:beta1:*:*:*:*:*:*
cpe:2.3:a:flightairmap:flightairmap:0.6:beta1:*:*:*:*:*:*
cpe:2.3:a:flightairmap:flightairmap:1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:flightairmap:flightairmap:1.0:beta10:*:*:*:*:*:*
cpe:2.3:a:flightairmap:flightairmap:1.0:beta11:*:*:*:*:*:*
cpe:2.3:a:flightairmap:flightairmap:1.0:beta12:*:*:*:*:*:*
cpe:2.3:a:flightairmap:flightairmap:1.0:beta13:*:*:*:*:*:*
cpe:2.3:a:flightairmap:flightairmap:1.0:beta14:*:*:*:*:*:*
cpe:2.3:a:flightairmap:flightairmap:1.0:beta15:*:*:*:*:*:*
cpe:2.3:a:flightairmap:flightairmap:1.0:beta16:*:*:*:*:*:*
cpe:2.3:a:flightairmap:flightairmap:1.0:beta17:*:*:*:*:*:*
cpe:2.3:a:flightairmap:flightairmap:1.0:beta18:*:*:*:*:*:*
cpe:2.3:a:flightairmap:flightairmap:1.0:beta19:*:*:*:*:*:*
cpe:2.3:a:flightairmap:flightairmap:1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:flightairmap:flightairmap:1.0:beta20:*:*:*:*:*:*
cpe:2.3:a:flightairmap:flightairmap:1.0:beta21:*:*:*:*:*:*
cpe:2.3:a:flightairmap:flightairmap:1.0:beta3:*:*:*:*:*:*
cpe:2.3:a:flightairmap:flightairmap:1.0:beta4:*:*:*:*:*:*
cpe:2.3:a:flightairmap:flightairmap:1.0:beta5:*:*:*:*:*:*
cpe:2.3:a:flightairmap:flightairmap:1.0:beta6:*:*:*:*:*:*
cpe:2.3:a:flightairmap:flightairmap:1.0:beta7:*:*:*:*:*:*
cpe:2.3:a:flightairmap:flightairmap:1.0:beta8:*:*:*:*:*:*
cpe:2.3:a:flightairmap:flightairmap:1.0:beta9:*:*:*:*:*:*
EPSS
Процентиль: 47%
0.0024
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in GET variable used within registration sub menu page that can result in unauthorised actions and access to data, stealing session information. This vulnerability appears to have been fixed in after commit 22b09a3.
EPSS
Процентиль: 47%
0.0024
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79