Описание
An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin.
Ссылки
- ExploitVendor Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitVendor Advisory
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:cobub:razor:0.7.2:*:*:*:*:*:*:*
EPSS
Процентиль: 79%
0.01271
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin.
EPSS
Процентиль: 79%
0.01271
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-79