exploitDog

CVE-2020-23517

Опубликовано: 26 мар. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Средний

Описание

Cross Site Scripting (XSS) vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm.

Ссылки

https://vulnerabilitypublishing.blogspot.com/2021/03/aryanic-highmail-high-cms-reflected.html
Exploit
Third Party Advisory
https://vulnerabilitypublishing.blogspot.com/2021/03/aryanic-highmail-high-cms-reflected.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:aryanic:high_cms:*:*:*:*:*:*:*:*

Версия до 2020 (включая)

EPSS

Процентиль: 94%

0.13375

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-9vj6-xrwf-2fp9

github

больше 3 лет назад

Cross Site Scripting (XSS) vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm.

EPSS

Процентиль: 94%

0.13375

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79