CVE-2019-7693

Опубликовано: 10 фев. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.aspx Error_Parameters parameter. In some situations, the XSS would be on the family.axioscloud.it cloud service; however, the vendor also supports "Sissi in Rete (con server)" for offline operation.

Ссылки

http://storage.axiositalia.com/Quick_Guide/Manuale_Avviamento.pdf
Product
Vendor Advisory
https://pastebin.com/raw/nQ648Dif
Exploit
Third Party Advisory
http://storage.axiositalia.com/Quick_Guide/Manuale_Avviamento.pdf
Product
Vendor Advisory
https://pastebin.com/raw/nQ648Dif
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:axiositalia:registro_elettronico:1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:axiositalia:registro_elettronico:7.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 50%

0.00266

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-rcqq-fg2p-r65c