Description
DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an injected HTML form.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 6.1.27
cpe:2.3:a:darktrace:threat_visualizer:*:*:*:*:*:-:*:*
EPSS
Percentile: 36%
0.00149
Low
CVSS3: 6.1 Medium
CVSS3: 4.6 Medium
Weaknesses
CWE-79
CWE-601
Related vulnerabilities
CVSS3: 4.6
github
almost 2 years ago
DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an injected HTML form.