CVE-2019-7671

Опубликовано: 05 июн. 2019

Источник: nvd

CVSS3: 9

CVSS2: 3.5

EPSS Средний

Описание

Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being returned to the user, which may allow an attacker to execute arbitrary code in a user’s browser session in context of an affected site.

Ссылки

http://packetstormsecurity.com/files/155274/Prima-Access-Control-2.3.35-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://applied-risk.com/index.php/download_file/view/199/165
Broken Link
https://applied-risk.com/labs/advisories
Not Applicable
Third Party Advisory
https://applied-risk.com/resources/ar-2019-007
Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-211-02
Third Party Advisory
US Government Resource
http://packetstormsecurity.com/files/155274/Prima-Access-Control-2.3.35-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://applied-risk.com/index.php/download_file/view/199/165
Broken Link
https://applied-risk.com/labs/advisories
Not Applicable
Third Party Advisory
https://applied-risk.com/resources/ar-2019-007
Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-211-02
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:primasystems:flexair:*:*:*:*:*:*:*:*

Версия до 2.3.38 (включая)

EPSS

Процентиль: 94%

0.13715

Средний

9 Critical

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-6857-8pq4-3jcg