Описание
A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'service' parameter in 'headstart_snapshot.php'.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:openknowledgemaps:head_start:4:*:*:*:*:*:*:*
cpe:2.3:a:openknowledgemaps:head_start:5:*:*:*:*:*:*:*
cpe:2.3:a:openknowledgemaps:head_start:6:*:*:*:*:*:*:*
cpe:2.3:a:openknowledgemaps:head_start:7:*:*:*:*:*:*:*
EPSS
Процентиль: 29%
0.00106
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 2 лет назад
A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'service' parameter in 'headstart_snapshot.php'.
EPSS
Процентиль: 29%
0.00106
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79