exploitDog

CVE-2020-27182

Опубликовано: 27 окт. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form.

Ссылки

https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-publixone/
Third Party Advisory
https://seclists.org/fulldisclosure/2020/Oct/28
Mailing List
Third Party Advisory
https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-publixone/
Third Party Advisory
https://seclists.org/fulldisclosure/2020/Oct/28
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:konzept-ix:publixone:*:*:*:*:*:*:*:*

Версия до 2020.015 (исключая)

EPSS

Процентиль: 54%

0.00317

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-vpcx-697c-pr8g

github

больше 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form.

EPSS

Процентиль: 54%

0.00317

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79