exploitDog

CVE-2022-30360

Опубликовано: 25 окт. 2024

Источник: nvd

CVSS3: 6.4

CVSS3: 5.4

EPSS Низкий

Описание

OvalEdge 5.2.8.0 and earlier is affected by multiple Stored XSS (AKA Persistent or Type II) vulnerabilities via a POST request to /profile/updateProfile via the slackid or phone parameters. Authentication is required.

Ссылки

https://cve.offsecguy.com/ovaledge/vulnerabilities/stored-xss#cve-2022-30360
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ovaledge:ovaledge:*:*:*:*:*:*:*:*

Версия до 5.2.8 (включая)

EPSS

Процентиль: 31%

0.00119

Низкий

6.4 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-2vv4-68vr-7qwm

CVSS3: 5.4

github

больше 1 года назад

OvalEdge 5.2.8.0 and earlier is affected by multiple Stored XSS (AKA Persistent or Type II) vulnerabilities via a POST request to /profile/updateProfile via the slackid or phone parameters. Authentication is required.

EPSS

Процентиль: 31%

0.00119

Низкий

6.4 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79