CVE-2021-31674

Опубликовано: 02 мая 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows remote unauthenticated attacker to execute javascript code via undefine enum constant.

Ссылки

http://cyclos.com
Product
https://tf1t.gitbook.io/mycve/cylos/cyclos-4.14.7-dom-based-cross-site-scripting-in-undefined-enum-cve-2021-31674
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/50908
Exploit
Third Party Advisory
http://cyclos.com
Product
https://tf1t.gitbook.io/mycve/cylos/cyclos-4.14.7-dom-based-cross-site-scripting-in-undefined-enum-cve-2021-31674
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/50908
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cyclos:cyclos:*:*:*:*:pro:*:*:*

Версия от 4.0.0 (включая) до 4.14.7 (включая)

EPSS

Процентиль: 84%

0.02158

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-x493-7fm3-mc5q