Description
Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated attacker to inject an arbitrary script or an arbitrary OS command via a specially crafted CSV file that contains HTML a tag.
References
- Release Notes, Third Party Advisory
- Third Party Advisory
- Release Notes, Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to (excluding) 0.8.1
cpe:2.3:a:csv\+_project:csv\+:*:*:*:*:*:*:*:*
EPSS
Percentile: 97%
0.29995
Medium
9.6 Critical
CVSS3
6.8 Medium
CVSS2
Weaknesses
CWE-79
Related vulnerabilities
github
almost 4 years ago
Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated attacker to inject an arbitrary script or an arbitrary OS command via a specially crafted CSV file that contains HTML a tag.
EPSS
Percentile: 97%
0.29995
Medium
9.6 Critical
CVSS3
6.8 Medium
CVSS2
Weaknesses
CWE-79