exploitDog

CVE-2020-11436

Опубликовано: 15 июл. 2020

Источник: nvd

CVSS3: 9

CVSS2: 6

EPSS Низкий

Описание

LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators.

Ссылки

https://know.bishopfox.com/advisories
Third Party Advisory
https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0
Exploit
Third Party Advisory
https://librehealth.io/
Vendor Advisory
https://know.bishopfox.com/advisories
Third Party Advisory
https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0
Exploit
Third Party Advisory
https://librehealth.io/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:librehealth:librehealth_ehr:2.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00737

Низкий

9 Critical

CVSS3

6 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-6456-mx72-qrcc

github

больше 3 лет назад

LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators.

EPSS

Процентиль: 72%

0.00737

Низкий

9 Critical

CVSS3

6 Medium

CVSS2

Дефекты

CWE-79