exploitDog

CVE-2020-29239

Опубликовано: 02 дек. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel, the attacker can able to steal the cookie according to the crafted payload.

Ссылки

https://www.exploit-db.com/exploits/49159
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/49159
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:janobe:online_voting_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00113

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-8mpf-4w97-xg37

CVSS3: 6.1

github

больше 3 лет назад

Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel, the attacker can able to steal the cookie according to the crafted payload.

EPSS

Процентиль: 31%

0.00113

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79