CVE-2021-31673

Опубликовано: 02 мая 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

A Dom-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter.

Ссылки

http://cyclos.com
Not Applicable
http://packetstormsecurity.com/files/167040/Cyclos-4.14.7-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://tf1t.gitbook.io/mycve/cylos/cyclos-4.14.7-dom-based-cross-site-scripting-cve-2021-31673
Exploit
Third Party Advisory
http://cyclos.com
Not Applicable
http://packetstormsecurity.com/files/167040/Cyclos-4.14.7-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://tf1t.gitbook.io/mycve/cylos/cyclos-4.14.7-dom-based-cross-site-scripting-cve-2021-31673
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cyclos:cyclos:*:*:*:*:pro:*:*:*

Версия от 4.0.0 (включая) до 4.14.7 (включая)

EPSS

Процентиль: 86%

0.02705

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-qm46-6wfp-r2qq