exploitDog

CVE-2020-25071

Опубликовано: 15 сент. 2020

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Nifty Project Management Web Application 2020-08-26 allows XSS, via Add Task, that is rendered upon a Project Home visit. Note: It has been argued that this is not reproducible. "The original issue was that the task would be created and an alert would be shown on the screen. Now the task would be created, but the alert won't be executed as those attributes are now stripped.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:niftypm:nifty:2020-08-26:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00415

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-p7cq-h6rv-rjw6

CVSS3: 5.4

github

больше 3 лет назад

Nifty Project Management Web Application 2020-08-26 allows XSS, via Add Task, that is rendered upon a Project Home visit.

EPSS

Процентиль: 61%

0.00415

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79