Описание
EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:equalweb:equalweb_accessibility_widget:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:equalweb:equalweb_accessibility_widget:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:equalweb:equalweb_accessibility_widget:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:equalweb:equalweb_accessibility_widget:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:equalweb:equalweb_accessibility_widget:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:equalweb:equalweb_accessibility_widget:2.1.10:*:*:*:*:*:*:*
cpe:2.3:a:equalweb:equalweb_accessibility_widget:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:equalweb:equalweb_accessibility_widget:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:equalweb:equalweb_accessibility_widget:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:equalweb:equalweb_accessibility_widget:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:equalweb:equalweb_accessibility_widget:4.0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 56%
0.00338
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
около 3 лет назад
EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js.
EPSS
Процентиль: 56%
0.00338
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79