CVE-2023-38878

Опубликовано: 11 сент. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

A reflected cross-site scripting (XSS) vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and 'error_description' parameters of 'oauth2.php'.

Ссылки

https://github.com/devcode-it/openstamanager
Product
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38878
Exploit
Third Party Advisory
https://openstamanager.com/
Product
https://github.com/devcode-it/openstamanager
Product
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38878
Exploit
Third Party Advisory
https://openstamanager.com/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:devcode:openstamanager:*:*:*:*:*:*:*:*

Версия от 2.4.24 (включая) до 2.4.47 (включая)

EPSS

Процентиль: 21%

0.00068

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-h3r4-4c9w-25g8