Описание
Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vulnerability can allow an attacker to inject the XSS payload in Field Name and each time any user will open that, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.
Ссылки
- Not Applicable
- ExploitThird Party AdvisoryVDB Entry
- Not Applicable
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:invisioncommunity:community:4.5.4:*:*:*:*:*:*:*
EPSS
Процентиль: 62%
0.00429
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vulnerability can allow an attacker to inject the XSS payload in Field Name and each time any user will open that, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.
EPSS
Процентиль: 62%
0.00429
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79