Описание
An authenticated Stored Cross-Site Scriptiong (XSS) vulnerability exists in Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 in the "routing.cgi" Routing Table Entries via the "Remark" text box or "remark" parameter. It allows an authenticated WebGUI user to execute Stored Cross-site Scripting in the Routing Table Entries.
Ссылки
- Release NotesVendor Advisory
- MitigationPatchThird Party Advisory
- Third Party Advisory
- Release NotesVendor Advisory
- MitigationPatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:ipfire:ipfire:2.21:core_update130:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.00322
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 is affected by: Cross Site Scripting (XSS). The impact is: Session Hijacking (local). The component is: Affected at Routing configuration via the "Remark" text box or "remark" parameter. The attack vector is: Attacker need to craft the malicious javascript code.
EPSS
Процентиль: 55%
0.00322
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79