exploitDog

CVE-2023-38883

Опубликовано: 20 нояб. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'.

Ссылки

https://github.com/OS4ED/openSIS-Classic
Product
Release Notes
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38883
Vendor Advisory
https://www.os4ed.com/
Product
https://github.com/OS4ED/openSIS-Classic
Product
Release Notes
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38883
Vendor Advisory
https://www.os4ed.com/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:os4ed:opensis:9.0:*:*:*:community:*:*:*

EPSS

Процентиль: 38%

0.00167

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-pcgq-p35j-9wq3

CVSS3: 6.1

github

около 2 лет назад

A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'.

EPSS

Процентиль: 38%

0.00167

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79