CVE-2019-12880

Опубликовано: 24 июн. 2019

Источник: nvd

CVSS3: 4.3

CVSS2: 4.3

EPSS Низкий

Описание

BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allowing * within web_accessible_resources. An attacker can take advantage of this vulnerability and cause significant harm.

Ссылки

http://packetstormsecurity.com/files/153405/Quarking-Password-Manager-3.1.84-Clickjacking.html
http://seclists.org/fulldisclosure/2019/Jun/31
Mailing List
Third Party Advisory
https://chrome.google.com/webstore/detail/quarking-password-manager/gfkmpfajamepgekgohcdnjogmeamcdmm?hl=en
Product
Vendor Advisory
http://packetstormsecurity.com/files/153405/Quarking-Password-Manager-3.1.84-Clickjacking.html
http://seclists.org/fulldisclosure/2019/Jun/31
Mailing List
Third Party Advisory
https://chrome.google.com/webstore/detail/quarking-password-manager/gfkmpfajamepgekgohcdnjogmeamcdmm?hl=en
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bcnquark:quarking_password_manager:3.1.84:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00247

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-1021

Связанные уязвимости

GHSA-hq98-38ph-6pg8

github

больше 3 лет назад

EPSS

Процентиль: 48%

0.00247

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-1021