Описание
govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is displayed on the search page.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- PatchRelease Notes
- Vendor Advisory
- PatchThird Party Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchRelease Notes
- Vendor Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.0.2 (включая) до 3.3.1 (исключая)
cpe:2.3:a:gov.uk:govuk_tech_docs:*:*:*:*:*:ruby:*:*
EPSS
Процентиль: 84%
0.02072
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
CWE-79
CWE-79
Связанные уязвимости
github
почти 3 года назад
govuk_tech_docs vulnerable to unescaped HTML on search results page
EPSS
Процентиль: 84%
0.02072
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
CWE-79
CWE-79