exploitDog

CVE-2018-14527

Опубликовано: 23 июл. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements).

Ссылки

https://github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/2018/Xiao5uCompany_1.7_xss.doc
Exploit
Third Party Advisory
https://github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/2018/Xiao5uCompany_1.7_xss.doc
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:xiao5ucompany_project:xiao5ucompany:1.7:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-f38f-7cmm-vg5q

CVSS3: 6.1

github

больше 3 лет назад

Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements).

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79