Description
Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA.
References
- Exploit, Mitigation, Third Party Advisory
- Exploit, Mitigation, Third Party Advisory
Vulnerable configurations
Configuration 1
Versions from 5.0 (inclusive) to 5.2.25-ga (inclusive)
Versions from 6.0 (inclusive) to 6.2.6.1-ga (exclusive)
One of
cpe:2.3:a:broadleafcommerce:broadleaf_commerce:*:*:*:*:*:*:*:*
cpe:2.3:a:broadleafcommerce:broadleaf_commerce:*:*:*:*:*:*:*:*
EPSS
Percentile: 39%
0.00171
Low
6.1 Medium
CVSS3
Weaknesses
CWE-79
Related vulnerabilities