exploitDog

CVE-2021-37470

Опубликовано: 25 июл. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript.

Ссылки

https://github.com/0xfml/poc/blob/main/NCH/WebDictate_2.13_XSS.md
Exploit
Third Party Advisory
https://www.nch.com.au/webdictate/index.html
Product
https://github.com/0xfml/poc/blob/main/NCH/WebDictate_2.13_XSS.md
Exploit
Third Party Advisory
https://www.nch.com.au/webdictate/index.html
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nchsoftware:webdictate:*:*:*:*:*:*:*:*

Версия до 2.13 (включая)

EPSS

Процентиль: 51%

0.00278

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-mjf7-37pm-5wf4

github

больше 3 лет назад

In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript.

EPSS

Процентиль: 51%

0.00278

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79