Описание
The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by levering the automation API.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 11.5.109 (включая)
cpe:2.3:a:hyland:nuxeo:*:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00318
Низкий
5.4 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-502
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
около 3 лет назад
Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution
EPSS
Процентиль: 54%
0.00318
Низкий
5.4 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-502
CWE-79