exploitDog

CVE-2021-4103

Опубликовано: 23 янв. 2022

Источник: nvd

CVSS3: 6.8

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34.

Ссылки

https://github.com/vanessa219/vditor/commit/8d4d0889dd72b2f839e93a49db3da3a370416c7d
Patch
Third Party Advisory
https://huntr.dev/bounties/67b980af-7357-4879-9448-a926c6474225
Exploit
Patch
Third Party Advisory
https://github.com/vanessa219/vditor/commit/8d4d0889dd72b2f839e93a49db3da3a370416c7d
Patch
Third Party Advisory
https://huntr.dev/bounties/67b980af-7357-4879-9448-a926c6474225
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:b3log:vditor:*:*:*:*:*:*:*:*

Версия до 1.0.34 (исключая)

EPSS

Процентиль: 43%

0.00206

Низкий

6.8 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-cxm3-v4mv-6mh8

CVSS3: 5.4

github

около 4 лет назад

vditor Vulnerable to Cross-site Scripting in SVG events

EPSS

Процентиль: 43%

0.00206

Низкий

6.8 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79