Описание
It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability.
Уязвимые конфигурации
Конфигурация 1Версия от 11.0.0 (включая) до 11.8.8 (исключая)Версия от 12.0.0 (включая) до 12.13.0 (исключая)
Одно из
cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:10.0.0:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00202
Низкий
4.7 Medium
CVSS3
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-20
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
почти 4 года назад
It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability.
EPSS
Процентиль: 42%
0.00202
Низкий
4.7 Medium
CVSS3
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-20
CWE-79