Description
Persistent XSS has been found in the OneShield Policy (Dragon Core) framework before 5.1.10. Remote adversaries can inject malicious JavaScript into textboxes decorated with type string, which is subsequently stored to the applicable data store. This can be exploited remotely by both authenticated and unauthenticated users.
References
- Mailing List, Third Party Advisory
- Product
- Mailing List, Third Party Advisory
- Product
Vulnerable configurations
Configuration 1: versions before 5.1.10 (exclusive)
cpe:2.3:a:oneshield:oneshield_policy:*:*:*:*:*:*:*:*
EPSS
Percentile: 75%
0.0088
Low
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Weaknesses
CWE-79
Related vulnerabilities
github
more than 3 years ago
Persistent XSS has been found in the OneShield Policy (Dragon Core) framework before 5.1.10. Remote adversaries can inject malicious JavaScript into textboxes decorated with type string, which is subsequently stored to the applicable data store. This can be exploited remotely by both authenticated and unauthenticated users.