exploitDog

CVE-2022-35144

Опубликовано: 04 авг. 2022

Источник: nvd

CVSS3: 4.8

EPSS Низкий

Описание

Renato v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability.

Ссылки

http://raneto.com/
Product
https://cwe.mitre.org/data/definitions/79.html
Third Party Advisory
https://gainsec.com/2022/08/04/cve-2022-35142-cve-2022-35143-cve-2022-35144/
Exploit
Patch
Third Party Advisory
https://github.com/gilbitron/Raneto/releases
Release Notes
Third Party Advisory
http://raneto.com/
Product
https://cwe.mitre.org/data/definitions/79.html
Third Party Advisory
https://gainsec.com/2022/08/04/cve-2022-35142-cve-2022-35143-cve-2022-35144/
Exploit
Patch
Third Party Advisory
https://github.com/gilbitron/Raneto/releases
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:raneto_project:raneto:*:*:*:*:*:node.js:*:*

Версия до 0.17.1 (исключая)

EPSS

Процентиль: 54%

0.00313

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-vc68-6x72-w22f

CVSS3: 4.8

github

больше 3 лет назад

Raneto vulnerable to Cross-site Scripting

EPSS

Процентиль: 54%

0.00313

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79