CVE-2023-29712

Опубликовано: 09 июн. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter.

Ссылки

https://info.vadesecure.com/hubfs/Ressource%20Marketing%20Website/Datasheet/EN/Vade_Secure_DS_Gateway_EN.pdf
Product
https://labs.yarix.com/2023/05/vade-secure-gateway-multiple-xss-cve-2023-29712-cve-2023-29713-cve-2023-29714/
Exploit
Third Party Advisory
https://www.vadesecure.com/en/
Product
https://info.vadesecure.com/hubfs/Ressource%20Marketing%20Website/Datasheet/EN/Vade_Secure_DS_Gateway_EN.pdf
Product
https://labs.yarix.com/2023/05/vade-secure-gateway-multiple-xss-cve-2023-29712-cve-2023-29713-cve-2023-29714/
Exploit
Third Party Advisory
https://www.vadesecure.com/en/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vadesecure:secure_gateway:*:*:*:*:*:*:*:*

Версия до 3.0 (включая)

EPSS

Процентиль: 54%

0.00318

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-gpxq-pjqm-jhp5