Описание
An issue was discovered in MunkiReport before 5.3.0. An authenticated actor can send a custom XSS payload through the /module/comment/save endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/controllers/client.php:detail.
Ссылки
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.5.3 (включая) до 5.3.0 (исключая)
cpe:2.3:a:munkireport_project:munkireport:*:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00573
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in MunkiReport before 5.3.0. An authenticated actor can send a custom XSS payload through the /module/comment/save endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/controllers/client.php:detail.
EPSS
Процентиль: 68%
0.00573
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79