exploitDog

CVE-2018-18864

Опубликовано: 20 нояб. 2018

Источник: nvd

CVSS3: 9.6

CVSS2: 9.3

EPSS Низкий

Описание

Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed.

Ссылки

http://packetstormsecurity.com/files/150135/Loadbalancer.org-Enterprise-VA-MAX-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2018/Nov/5
Exploit
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/150135/Loadbalancer.org-Enterprise-VA-MAX-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2018/Nov/5
Exploit
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:loadbalancer:enterprise_va_max:*:*:*:*:*:*:*:*

Версия до 8.3.3 (исключая)

EPSS

Процентиль: 76%

0.00931

Низкий

9.6 Critical

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-757h-8w79-6prh

CVSS3: 9.6

github

больше 3 лет назад

Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed.

EPSS

Процентиль: 76%

0.00931

Низкий

9.6 Critical

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-79