CVE-2018-14493

Опубликовано: 25 июл. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name.

Ссылки

https://docs.google.com/document/d/1K3G6a8P_LhYdk5Ddn57Z2aDUpaGAS7I_F8lESVfSFfY/edit
Exploit
Technical Description
Third Party Advisory
https://www.exploit-db.com/exploits/45160/
Exploit
Third Party Advisory
VDB Entry
https://docs.google.com/document/d/1K3G6a8P_LhYdk5Ddn57Z2aDUpaGAS7I_F8lESVfSFfY/edit
Exploit
Technical Description
Third Party Advisory
https://www.exploit-db.com/exploits/45160/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opmantek:open-audit:2.2.6:*:*:*:community:*:*:*

EPSS

Процентиль: 81%

0.0162

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-8xmf-7cm7-rpmm