CVE-2023-29714

Опубликовано: 09 июн. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via the username, password, and language cookies parameter.

Ссылки

https://info.vadesecure.com/hubfs/Ressource%20Marketing%20Website/Datasheet/EN/Vade_Secure_DS_Gateway_EN.pdf
Product
https://labs.yarix.com/advisories/cve-2023-29714-dom-based-xss-in-vade-secure-gateway/
Third Party Advisory
https://www.vadesecure.com/en/
Product
https://info.vadesecure.com/hubfs/Ressource%20Marketing%20Website/Datasheet/EN/Vade_Secure_DS_Gateway_EN.pdf
Product
https://labs.yarix.com/advisories/cve-2023-29714-dom-based-xss-in-vade-secure-gateway/
Third Party Advisory
https://www.vadesecure.com/en/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vadesecure:secure_gateway:*:*:*:*:*:*:*:*

Версия до 3.0 (включая)

EPSS

Процентиль: 54%

0.00318

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-ccv3-666m-7hw7