Description
DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will be attacked.
References
- Third Party Advisory
- Exploit, Mitigation, Third Party Advisory
- Third Party Advisory
- Exploit, Mitigation, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 5.4.8.322
cpe:2.3:a:dhc-vision:eqms:*:*:*:*:*:*:*:*
EPSS: 0.002 (Low), percentile: 42%
CVSS3: 5.4 Medium
CVSS2: 3.5 Low
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 5.4
github
almost 4 years ago
DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will be attacked.