Описание
eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording.
Ссылки
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- PatchVendor Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.3 (исключая)
cpe:2.3:a:eyesofnetwork:eyesofnetwork:*:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00391
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording.
EPSS
Процентиль: 60%
0.00391
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79