exploitDog

CVE-2021-28088

Опубликовано: 11 мар. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the "Display Name" field.

Ссылки

https://anotepad.com/note/read/s3kkk6h7
Exploit
Third Party Advisory
https://hackerone.com/reports/1119296
Permissions Required
Third Party Advisory
https://anotepad.com/note/read/s3kkk6h7
Exploit
Third Party Advisory
https://hackerone.com/reports/1119296
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:impresscms:impresscms:1.4.2:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00164

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-79hv-pfx6-hhpj

github

почти 5 лет назад

Cross-site scripting (XSS)

EPSS

Процентиль: 38%

0.00164

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79