exploitDog

CVE-2020-6583

Опубликовано: 08 янв. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be leveraged for session hijacking. An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrator login, and take over the administrator account via the Name field in an Add New Client action.

Ссылки

https://www.sevenlayers.com/index.php/282-online-invoicing-system-2-6-xss-session-hijack
Exploit
Third Party Advisory
https://www.sevenlayers.com/index.php/282-online-invoicing-system-2-6-xss-session-hijack
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bigprof:online_invoicing_system:*:*:*:*:*:*:*:*

Версия до 2.6 (включая)

EPSS

Процентиль: 55%

0.00328

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-3776-639q-72wg

github

больше 3 лет назад

BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be leveraged for session hijacking. An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrator login, and take over the administrator account via the Name field in an Add New Client action.

EPSS

Процентиль: 55%

0.00328

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79