Описание
A stored cross site scripting have been identified at the comments in the report creation due to an obsolote version of tinymce editor. In order to exploit this vulnerability, the attackers needs an account with enough privileges to view and edit reports.
Уязвимые конфигурации
Конфигурация 1Версия от 0.27 (включая) до 48.2 (исключая)
cpe:2.3:a:wocu-monitoring:wocu_monitoring:*:*:*:*:*:*:*:*
EPSS
Процентиль: 46%
0.00235
Низкий
3.5 Low
CVSS3
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 4.8
github
почти 4 года назад
A stored cross site scripting have been identified at the comments in the report creation due to an obsolote version of tinymce editor. In order to exploit this vulnerability, the attackers needs an account with enough privileges to view and edit reports.
EPSS
Процентиль: 46%
0.00235
Низкий
3.5 Low
CVSS3
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
CWE-79