exploitDog

CVE-2023-44040

Опубликовано: 03 апр. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting (XSS) vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate.

Ссылки

https://docs.veridiumid.com/docs/v3.5/security-advisory#id-%28v3.52%29SecurityAdvisory-Acknowledgement
Third Party Advisory
https://veridiumid.com/veridium-id-authentication-platform/
Product
https://docs.veridiumid.com/docs/v3.5/security-advisory#id-%28v3.52%29SecurityAdvisory-Acknowledgement
Third Party Advisory
https://veridiumid.com/veridium-id-authentication-platform/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:veridiumid:veridiumad:*:*:*:*:*:*:*:*

Версия до 3.5.0 (исключая)

EPSS

Процентиль: 74%

0.00809

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-3cm8-rv8m-x9gf

CVSS3: 6.1

github

почти 2 года назад

In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting (XSS) vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate.

EPSS

Процентиль: 74%

0.00809

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79