exploitDog

CVE-2019-13493

Опубликовано: 17 июл. 2019

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript.

Ссылки

http://packetstormsecurity.com/files/153613/Sitecore-9.0-Rev-171002-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/153613/Sitecore-9.0-Rev-171002-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sitecore:experience_platform:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 41%

0.00188

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-x9jp-5rg5-vc76

CVSS3: 5.4

github

больше 3 лет назад

In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript.

EPSS

Процентиль: 41%

0.00188

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79