Описание
A cross-site scripting (XSS) vulnerability in the "Zip content" feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames.
Ссылки
- Product
- ExploitThird Party AdvisoryVDB Entry
- Product
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:element-it:http_commander:3.1.9:*:*:*:*:*:*:*
EPSS
Процентиль: 32%
0.00125
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
около 4 лет назад
A cross-site scripting (XSS) vulnerability in the "Zip content" feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames.
EPSS
Процентиль: 32%
0.00125
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79