exploitDog

CVE-2018-20859

Опубликовано: 30 июл. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem.

Ссылки

https://github.com/edx/edx-platform/commit/5b144559fbdba7ff673cc1c165aa2d343e07b6bd.patch
Patch
Third Party Advisory
https://groups.google.com/forum/#%21topic/openedx-announce/wsm5mtUhhME
https://patch-diff.githubusercontent.com/raw/edx/edx-platform/pull/18639.patch
Patch
Third Party Advisory
https://github.com/edx/edx-platform/commit/5b144559fbdba7ff673cc1c165aa2d343e07b6bd.patch
Patch
Third Party Advisory
https://groups.google.com/forum/#%21topic/openedx-announce/wsm5mtUhhME
https://patch-diff.githubusercontent.com/raw/edx/edx-platform/pull/18639.patch
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:edx:edx-platform:*:*:*:*:*:*:*:*

Версия до 2018-07-18 (исключая)

EPSS

Процентиль: 53%

0.00301

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-mrv2-vg67-g8pw

CVSS3: 6.1

github

больше 3 лет назад

edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem.

EPSS

Процентиль: 53%

0.00301

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79