CVE-2019-25088

Опубликовано: 27 дек. 2022

Источник: nvd

CVSS3: 3.5

CVSS3: 5.4

EPSS Низкий

Описание

A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is an unknown function of the file lib/oxidized/web/views/conf_search.haml. The manipulation of the argument to_research leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 55ab9bdc68b03ebce9280b8746ef31d7fdedcc45. It is recommended to apply a patch to fix this issue. VDB-216870 is the identifier assigned to this vulnerability.

Ссылки

https://github.com/ytti/oxidized-web/commit/55ab9bdc68b03ebce9280b8746ef31d7fdedcc45
Patch
Third Party Advisory
https://github.com/ytti/oxidized-web/pull/195
Patch
Third Party Advisory
https://vuldb.com/?ctiid.216870
Third Party Advisory
https://vuldb.com/?id.216870
Third Party Advisory
https://github.com/ytti/oxidized-web/commit/55ab9bdc68b03ebce9280b8746ef31d7fdedcc45
Patch
Third Party Advisory
https://github.com/ytti/oxidized-web/pull/195
Patch
Third Party Advisory
https://vuldb.com/?ctiid.216870
Third Party Advisory
https://vuldb.com/?id.216870
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oxidized_web_project:oxidized_web:*:*:*:*:*:oxidized:*:*

Версия до 2019-07-01 (исключая)

EPSS

Процентиль: 55%

0.00322

Низкий

3.5 Low

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-8qwh-rm6c-jv96

CVSS3: 5.4

github

около 3 лет назад

Oxidized Web vulnerable to Cross-site Scripting

EPSS

Процентиль: 55%

0.00322

Низкий

3.5 Low

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79