CVE-2021-40310

Опубликовано: 24 сент. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in the TakeAttendance.php via the cp_id_miss_attn parameter.

Ссылки

https://github.com/MiSERYYYYY/Vulnerability-Reports-and-Disclosures/blob/main/OpenSIS-Community-8.0.md
Exploit
Third Party Advisory
https://github.com/OS4ED/openSIS-Classic
Product
Third Party Advisory
https://www.youtube.com/watch?v=aPKPUDmmYpc
Exploit
Third Party Advisory
https://github.com/MiSERYYYYY/Vulnerability-Reports-and-Disclosures/blob/main/OpenSIS-Community-8.0.md
Exploit
Third Party Advisory
https://github.com/OS4ED/openSIS-Classic
Product
Third Party Advisory
https://www.youtube.com/watch?v=aPKPUDmmYpc
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:os4ed:opensis:8.0:*:*:*:community:*:*:*

EPSS

Процентиль: 49%

0.00263

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-3xrw-4r8r-42q3

github

больше 3 лет назад