Описание
Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script.
Ссылки
- PatchRelease NotesVendor Advisory
- MitigationPatchVendor Advisory
- Third Party Advisory
- PatchRelease NotesVendor Advisory
- MitigationPatchVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.0.2 (включая)Версия до 3.0.1 (включая)
Одно из
cpe:2.3:a:exceedone:exment:*:*:*:*:*:*:*:*
cpe:2.3:a:exceedone:laravel-admin:*:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00369
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
exceedone/exment and exceedone/laravel-admin Cross-site Scripting vulnerability
EPSS
Процентиль: 58%
0.00369
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79