Описание
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in the method parameter. The ETIC RAS web server uses dynamic pages that gets their input from the client side and reflects the input in its response to the client.
Ссылки
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 4.5.0 (исключая)
cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*
EPSS
Процентиль: 24%
0.00079
Низкий
4.8 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 4.8
github
около 1 года назад
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in the method parameter. The ETIC RAS web server uses dynamic pages that gets their input from the client side and reflects the input in its response to the client.
EPSS
Процентиль: 24%
0.00079
Низкий
4.8 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79