CVE-2019-25095

Опубликовано: 05 янв. 2023

Источник: nvd

CVSS3: 3.5

CVSS3: 6.1

CVSS2: 4

EPSS Низкий

Описание

A vulnerability, which was classified as problematic, was found in kakwa LdapCherry up to 0.x. Affected is an unknown function of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as 6f98076281e9452fdb1adcd1bcbb70a6f968ade9. It is recommended to upgrade the affected component. VDB-217434 is the identifier assigned to this vulnerability.

Ссылки

https://github.com/kakwa/ldapcherry/commit/6f98076281e9452fdb1adcd1bcbb70a6f968ade9
Patch
https://github.com/kakwa/ldapcherry/pull/16
Issue Tracking
Patch
https://github.com/kakwa/ldapcherry/releases/tag/1.0.0
Release Notes
Third Party Advisory
https://vuldb.com/?ctiid.217434
Third Party Advisory
https://vuldb.com/?id.217434
Third Party Advisory
https://github.com/kakwa/ldapcherry/commit/6f98076281e9452fdb1adcd1bcbb70a6f968ade9
Patch
https://github.com/kakwa/ldapcherry/pull/16
Issue Tracking
Patch
https://github.com/kakwa/ldapcherry/releases/tag/1.0.0
Release Notes
Third Party Advisory
https://vuldb.com/?ctiid.217434
Third Party Advisory
https://vuldb.com/?id.217434
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ldapcherry_project:ldapcherry:*:*:*:*:*:*:*:*

Версия до 1.0.0 (исключая)

EPSS

Процентиль: 52%

0.00289

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-vq8w-x8v7-f88m

CVSS3: 6.1

github

около 3 лет назад

LdapCherry Cross-site Scripting vulnerbaility

EPSS

Процентиль: 52%

0.00289

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79