exploitDog

CVE-2022-32407

Опубликовано: 27 окт. 2022

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Softr v2.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via the First Name parameter under the Create A New Account module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Ссылки

https://riteshgohil-25.medium.com/softr-version-2-0-33463a6bf766
Exploit
Third Party Advisory
https://studio.softr.io/auth/signup
Permissions Required
Product
https://riteshgohil-25.medium.com/softr-version-2-0-33463a6bf766
Exploit
Third Party Advisory
https://studio.softr.io/auth/signup
Permissions Required
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:softr:softr:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00234

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-vqx5-7wv4-cx38

CVSS3: 6.1

github

больше 3 лет назад

Softr v2.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via the First Name parameter under the Create A New Account module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

EPSS

Процентиль: 46%

0.00234

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79