CVE-2021-3151

Опубликовано: 27 фев. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__MONITORING__CONFIG__ADDRESS, or SM2__C__MONITORING__CONFIG__ADDRESS.

Ссылки

http://packetstormsecurity.com/files/162815/i-doit-1.15.2-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://www.i-doit.org/news/
Release Notes
Vendor Advisory
https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-056
Exploit
Vendor Advisory
http://packetstormsecurity.com/files/162815/i-doit-1.15.2-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://www.i-doit.org/news/
Release Notes
Vendor Advisory
https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-056
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:i-doit:i-doit:*:*:*:*:*:*:*:*

Версия до 1.16.0 (исключая)

EPSS

Процентиль: 42%

0.002

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-cf7h-gr4c-wwxh

github

больше 3 лет назад