exploitDog

CVE-2021-27940

Опубликовано: 03 мар. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter.

Ссылки

https://github.com/openark/orchestrator/pull/1313
Patch
Third Party Advisory
https://github.com/openark/orchestrator/releases/tag/v3.2.4
Release Notes
Third Party Advisory
https://www.youtube.com/watch?v=DOYm0DIS3Us
Exploit
Third Party Advisory
https://github.com/openark/orchestrator/pull/1313
Patch
Third Party Advisory
https://github.com/openark/orchestrator/releases/tag/v3.2.4
Release Notes
Third Party Advisory
https://www.youtube.com/watch?v=DOYm0DIS3Us
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openark:orchestrator:*:*:*:*:*:*:*:*

Версия до 3.2.4 (исключая)

EPSS

Процентиль: 61%

0.00419

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-752c-vfpf-cp2w

CVSS3: 6.1

github

больше 3 лет назад

openark/orchestrator cross-site scripting vulnerability

EPSS

Процентиль: 61%

0.00419

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79