Описание
A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.
Ссылки
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ict:protege_gx:2.08:*:*:*:*:*:*:*
cpe:2.3:a:ict:protege_wx:2.08:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00576
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
около 3 лет назад
A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.
EPSS
Процентиль: 68%
0.00576
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79