Description
IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain text fields within a PATCH /modify_onto request to the ontology builder. This may allow attackers to steal Protected Health Information.
References
- Patch, Third Party Advisory
- Exploit, Issue Tracking, Patch, Third Party Advisory
- Release Notes, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 1.5.2 (excluding)
cpe:2.3:a:unistra:impatient:*:*:*:*:*:*:*:*
EPSS: 0.00353 (Low), percentile: 57%
CVSS3: 7.6 High
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 7.6
github
about 3 years ago
IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain text fields within a PATCH /modify_onto request to the ontology builder. This may allow attackers to steal Protected Health Information.