exploitDog

CVE-2022-43342

Опубликовано: 14 нояб. 2022

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

A stored cross-site scripting (XSS) vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field.

Ссылки

https://discussions.eramba.org/t/question-stored-xss-vulnerability/2326
Vendor Advisory
https://www.eramba.org/
Exploit
Vendor Advisory
https://discussions.eramba.org/t/question-stored-xss-vulnerability/2326
Vendor Advisory
https://www.eramba.org/
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eramba:eramba:c2.8.1:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00589

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-gx89-fjwq-4vh9

CVSS3: 5.4

github

около 3 лет назад

A stored cross-site scripting (XSS) vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field.

EPSS

Процентиль: 69%

0.00589

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79