Описание
Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the Default Icon.
EPSS
Процентиль: 9%
0.00032
Низкий
7.2 High
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 7.2
github
17 дней назад
Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the Default Icon.
EPSS
Процентиль: 9%
0.00032
Низкий
7.2 High
CVSS3
Дефекты
CWE-79