exploitDog

CVE-2018-6545

Опубликовано: 02 фев. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks.

Ссылки

https://crowdshield.com/blog.php?name=ipswitch-moveit-stored-xss
Exploit
Third Party Advisory
https://crowdshield.com/blog.php?name=ipswitch-moveit-stored-xss
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ipswitch:moveit:8.1:*:*:*:*:*:*:*

EPSS

Процентиль: 2%

0.00013

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-x6wv-x5v2-w3m8

CVSS3: 6.1

github

больше 3 лет назад

Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks.

EPSS

Процентиль: 2%

0.00013

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79