Описание
Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app.
Ссылки
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Third Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.2.13 (исключая)Версия от 3.3.0 (включая) до 3.3.8 (исключая)Версия от 3.4.0 (включая) до 3.4.9 (исключая)
Одно из
cpe:2.3:a:cantemo:portal:*:*:*:*:*:*:*:*
cpe:2.3:a:cantemo:portal:*:*:*:*:*:*:*:*
cpe:2.3:a:cantemo:portal:*:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00402
Низкий
9 Critical
CVSS3
6 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 9
github
больше 3 лет назад
Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app.
EPSS
Процентиль: 60%
0.00402
Низкий
9 Critical
CVSS3
6 Medium
CVSS2
Дефекты
CWE-79