CVE-2021-4263

Опубликовано: 21 дек. 2022

Источник: nvd

CVSS3: 3.5

CVSS3: 6.1

CVSS2: 4

EPSS Низкий

Описание

A vulnerability, which was classified as problematic, has been found in leanote 2.6.1. This issue affects the function define of the file public/js/plugins/history.js. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is 0f9733c890077942150696dcc6d2b1482b7a0a19. It is recommended to apply a patch to fix this issue. The identifier VDB-216461 was assigned to this vulnerability.

Ссылки

https://github.com/leanote/leanote/commit/0f9733c890077942150696dcc6d2b1482b7a0a19
Patch
https://vuldb.com/?ctiid.216461
Third Party Advisory
https://vuldb.com/?id.216461
Third Party Advisory
https://github.com/leanote/leanote/commit/0f9733c890077942150696dcc6d2b1482b7a0a19
Patch
https://vuldb.com/?ctiid.216461
Third Party Advisory
https://vuldb.com/?id.216461
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:leanote:leanote:2.6.1:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.00245

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-6cmv-2548-82v4

CVSS3: 6.1

github

около 3 лет назад

leanote vulnerable to cross-site scripting

EPSS

Процентиль: 47%

0.00245

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79