exploitDog

CVE-2020-7747

Опубликовано: 20 окт. 2020

Источник: nvd

CVSS3: 6.3

CVSS2: 3.5

EPSS Низкий

Описание

This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller.

Ссылки

https://github.com/lightning-viz/lightning/blob/master/app/controllers/session.js%23L230
Broken Link
https://snyk.io/vuln/SNYK-JS-LIGHTNINGSERVER-1019381
Exploit
Third Party Advisory
https://github.com/lightning-viz/lightning/blob/master/app/controllers/session.js
Exploit
Vendor Advisory
https://github.com/lightning-viz/lightning/blob/master/app/controllers/session.js%23L230
Broken Link
https://snyk.io/vuln/SNYK-JS-LIGHTNINGSERVER-1019381
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lightning-viz:lightning:*:*:*:*:*:node.js:*:*

EPSS

Процентиль: 63%

0.00437

Низкий

6.3 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-gmch-cm2p-9qw9

CVSS3: 6.3

github

больше 4 лет назад

Cross-site Scripting in lightning-server

EPSS

Процентиль: 63%

0.00437

Низкий

6.3 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79