exploitDog

CVE-2024-23735

Опубликовано: 10 апр. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Cross Site Scripting (XSS) vulnerability in in the S/MIME certificate upload functionality of the User Profile pages in savignano S/Notify before 4.0.0 for Confluence allows attackers to manipulate user data via specially crafted certificate.

Ссылки

https://help.savignano.net/snotify-email-encryption/sa-2023-11-02
Vendor Advisory
https://help.savignano.net/snotify-email-encryption/security-advisories
Vendor Advisory
https://help.savignano.net/snotify-email-encryption/sa-2023-11-02
Vendor Advisory
https://help.savignano.net/snotify-email-encryption/security-advisories
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:savignano:s-notify:*:*:*:*:*:confluence:*:*

Версия до 4.0.0 (исключая)

EPSS

Процентиль: 64%

0.00474

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-23r4-x5xc-qw4f

CVSS3: 6.1

github

больше 1 года назад

Cross Site Scripting (XSS) vulnerability in in the S/MIME certificate upload functionality of the User Profile pages in savignano S/Notify before 4.0.0 for Confluence allows attackers to manipulate user data via specially crafted certificate.

EPSS

Процентиль: 64%

0.00474

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79