exploitDog

CVE-2022-39834

Опубликовано: 17 нояб. 2022

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user.

Ссылки

https://support.keyfactor.com/s/detail/a6x1Q000000CwCoQAK
Vendor Advisory
https://support.keyfactor.com/s/detail/a6x1Q000000CwCoQAK
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:keyfactor:primekey_ejbca:*:*:*:*:*:*:*:*

Версия до 7.9.0.2 (включая)

EPSS

Процентиль: 67%

0.00548

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-mw97-9v5p-rf9q

CVSS3: 5.4

github

около 3 лет назад

A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user.

EPSS

Процентиль: 67%

0.00548

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79