Описание
Cross-Site Scripting (XSS) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to inject a malicious JavaScript payload into the 'Full Name' field during a user edit, due to improper sanitization of the input parameter.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:nxlog:nxlog_manager:5.6.5633:*:*:*:*:*:*:*
EPSS
Процентиль: 31%
0.00118
Низкий
4.6 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 4.6
github
больше 2 лет назад
Cross-Site Scripting (XSS) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to inject a malicious JavaScript payload into the 'Full Name' field during a user edit, due to improper sanitization of the input parameter.
EPSS
Процентиль: 31%
0.00118
Низкий
4.6 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79
CWE-79