Описание
A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file.
Ссылки
- ProductThird Party Advisory
- ExploitThird Party Advisory
- Release NotesThird Party Advisory
- ProductThird Party Advisory
- ExploitThird Party Advisory
- Release NotesThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.4.0 (исключая)
cpe:2.3:a:codexnotes:codex:*:*:*:*:*:*:*:*
EPSS
Процентиль: 79%
0.01302
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
почти 4 года назад
A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file.
EPSS
Процентиль: 79%
0.01302
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79