exploitDog

CVE-2021-36605

Опубликовано: 30 июл. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is no escaping in the nickname field on the user list page. When viewing this page, the JavaScript code will be executed in the user's browser.

Ссылки

https://github.com/3xxx/engineercms/issues/52
Exploit
Issue Tracking
Third Party Advisory
https://github.com/3xxx/engineercms/issues/52
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:engineercms_project:engineercms:1.03:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00172

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-cjcv-h2c2-pm28

github

больше 3 лет назад

engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is no escaping in the nickname field on the user list page. When viewing this page, the JavaScript code will be executed in the user's browser.

EPSS

Процентиль: 39%

0.00172

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79