exploitDog

CVE-2022-42753

Опубликовано: 03 нояб. 2022

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks.

Ссылки

https://fluidattacks.com/advisories/hardway/
Exploit
Third Party Advisory
https://salonerp.sourceforge.io/
Product
https://fluidattacks.com/advisories/hardway/
Exploit
Third Party Advisory
https://salonerp.sourceforge.io/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:salonerp_project:salonerp:3.0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00338

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-4cm4-r3q9-95wh

CVSS3: 6.1

github

больше 3 лет назад

SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks.

EPSS

Процентиль: 56%

0.00338

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79