CVE-2021-45422

Опубликовано: 13 янв. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. No authentication is required.

Ссылки

http://reprise.com
Broken Link
https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2021-45422/RLM%2014.2%20Cross%20Site%20Scripting.txt
Exploit
Third Party Advisory
https://seclists.org/fulldisclosure/2022/Jan/31
Exploit
Mailing List
Third Party Advisory
https://www.getinfosec.news/13202933/reprise-license-manager-142-reflected-cross-site-scripting#/
Third Party Advisory
http://reprise.com
Broken Link
https://seclists.org/fulldisclosure/2022/Jan/31
Exploit
Mailing List
Third Party Advisory
https://www.getinfosec.news/13202933/reprise-license-manager-142-reflected-cross-site-scripting#/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:reprisesoftware:reprise_license_manager:*:*:*:*:*:*:*:*

Версия от 14.2 (включая) до 16.0 (исключая)

EPSS

Процентиль: 92%

0.08607

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-78w8-55r3-m9mq