Описание
The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATH_INFO.
EPSS
Процентиль: 6%
0.00023
Низкий
8.8 High
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 8.8
github
6 месяцев назад
The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATH_INFO.
EPSS
Процентиль: 6%
0.00023
Низкий
8.8 High
CVSS3
Дефекты
CWE-79