exploitDog

CVE-2018-14396

Опубликовано: 07 сент. 2018

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters.

Ссылки

https://www.bishopfox.com/news/2018/08/cremecrm-1-6-12-multiple-vulnerabilities/
Exploit
Third Party Advisory
https://www.bishopfox.com/news/2018/08/cremecrm-1-6-12-multiple-vulnerabilities/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cremecrm:cremecrm:1.6.12:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00281

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-qm5q-m2f9-vvhj

CVSS3: 5.4

github

больше 3 лет назад

An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters.

EPSS

Процентиль: 51%

0.00281

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79