CVE-2020-26563

Опубликовано: 30 июл. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. (There is also stored XSS if input to survey/admin/*.do is accepted from untrusted users.)

Ссылки

https://packetstormsecurity.com/files/163699/ObjectPlanet-Opinio-7.12-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://www.objectplanet.com/opinio/changelog.html
Release Notes
Vendor Advisory
https://packetstormsecurity.com/files/163699/ObjectPlanet-Opinio-7.12-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://www.objectplanet.com/opinio/changelog.html
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:objectplanet:opinio:*:*:*:*:*:*:*:*

Версия до 7.13 (исключая)

EPSS

Процентиль: 51%

0.00278

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-x4xh-336q-prh9

github

больше 3 лет назад

ObjectPlanet Opinio before 7.13 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. (There is also stored XSS if input to survey/admin/*.do is accepted from untrusted users.)