exploitDog

CVE-2022-39813

Опубликовано: 27 янв. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The payload would then be triggered every time an authenticated user browses the page containing it.

Ссылки

https://www.gruppotim.it/it/footer/red-team.html
Exploit
Third Party Advisory
https://www.gruppotim.it/it/footer/red-team.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:italtel:netmatch-s_ci:5.2.0-20211008:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00176

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-hg2v-4w64-9f23

CVSS3: 6.1

github

около 3 лет назад

Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The payload would then be triggered every time an authenticated user browses the page containing it.

EPSS

Процентиль: 39%

0.00176

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79