CVE-2020-6847

Опубликовано: 11 янв. 2020

Источник: nvd

CVSS3: 7.6

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript.

Ссылки

https://gist.github.com/Marshall-Hallenbeck/bf6a4a4f408bb7a5e0a47cb39dc1dbbe
Exploit
Patch
Third Party Advisory
https://github.com/3s3s/opentrade/blob/4f91391164219da30533453e1ff6800ef2ef3c6b/static_pages/js/index.js#L473
Third Party Advisory
https://github.com/3s3s/opentrade/pull/337
Third Party Advisory
https://gist.github.com/Marshall-Hallenbeck/bf6a4a4f408bb7a5e0a47cb39dc1dbbe
Exploit
Patch
Third Party Advisory
https://github.com/3s3s/opentrade/blob/4f91391164219da30533453e1ff6800ef2ef3c6b/static_pages/js/index.js#L473
Third Party Advisory
https://github.com/3s3s/opentrade/pull/337
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opentrade_project:opentrade:*:*:*:*:*:*:*:*

Версия до 0.2.0 (включая)

EPSS

Процентиль: 60%

0.00399

Низкий

7.6 High

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-qc28-cr6x-h8vv

github

больше 3 лет назад

OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript.

EPSS

Процентиль: 60%

0.00399

Низкий

7.6 High

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79