exploitDog

CVE-2018-11090

Опубликовано: 14 мая 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within "ProxyPage.aspx" allows an attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site.

Ссылки

http://seclists.org/fulldisclosure/2018/May/32
Mailing List
Third Party Advisory
https://www.sec-consult.com/en/blog/advisories/arbitrary-file-upload-cross-site-scripting-in-mybiz-myprocurenet/
Third Party Advisory
http://seclists.org/fulldisclosure/2018/May/32
Mailing List
Third Party Advisory
https://www.sec-consult.com/en/blog/advisories/arbitrary-file-upload-cross-site-scripting-in-mybiz-myprocurenet/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mybiz:myprocurenet:5.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00328

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-xgrg-j85f-cmwr

CVSS3: 6.1

github

больше 3 лет назад

An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within "ProxyPage.aspx" allows an attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site.

EPSS

Процентиль: 55%

0.00328

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79