exploitDog

CVE-2021-26711

Опубликовано: 05 фев. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter.

Ссылки

https://vict0ni.me/redwood-report2web-xss-and-frame-injection/
Exploit
Third Party Advisory
https://vict0ni.me/report2web-xss-frame-injection.html
Broken Link
https://vict0ni.me/redwood-report2web-xss-and-frame-injection/
Exploit
Third Party Advisory
https://vict0ni.me/report2web-xss-frame-injection.html
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:redwood:report2web:4.3.4.5:*:*:*:*:*:*:*

EPSS

Процентиль: 49%

0.00257

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-610

Связанные уязвимости

GHSA-qh7g-hfr4-f2f4

github

больше 3 лет назад

A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter.

EPSS

Процентиль: 49%

0.00257

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-610