exploitDog

CVE-2018-12651

Опубликовано: 20 дек. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the ShiftEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter.

Ссылки

https://www.knowcybersec.com/2018/12/CVE-2018-12651-reflected-XSS.html
Exploit
Mitigation
Third Party Advisory
https://www.knowcybersec.com/2018/12/CVE-2018-12651-reflected-XSS.html
Exploit
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:myadrenalin:human_resource_management_software:5.4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00226

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-2v9r-9rfw-9hvf

CVSS3: 6.1

github

больше 3 лет назад

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the ShiftEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter.

EPSS

Процентиль: 45%

0.00226

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79