CVE-2024-25435

Опубликовано: 28 фев. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter.

Ссылки

https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25435%20-%3E%20Reflected%20XSS%20on%20md1patient%20login%20page
Third Party Advisory
https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25435%20-%3E%20Reflected%20XSS%20on%20md1patient%20login%20page
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:md1health:md1patient:1.16.0:*:*:*:*:*:*:*

cpe:2.3:a:md1health:md1patient:2.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.0017

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-6hcj-xq8v-5j7j