exploitDog

CVE-2020-28141

Опубликовано: 19 апр. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that include javascript that will execute when viewing the messages page.

Ссылки

https://www.exploit-db.com/exploits/48897
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/48897
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:online_discussion_forum_project:online_discussion_forum:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00517

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-r9fr-9cp6-7c2h

github

больше 3 лет назад

The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that include javascript that will execute when viewing the messages page.

EPSS

Процентиль: 66%

0.00517

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79