Описание
Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- ExploitThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2024.1 (исключая)
cpe:2.3:a:inducer:relate:*:*:*:*:*:*:*:*
EPSS
Процентиль: 41%
0.0019
Низкий
2.6 Low
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 2.6
github
почти 2 года назад
Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function.
EPSS
Процентиль: 41%
0.0019
Низкий
2.6 Low
CVSS3
Дефекты
CWE-79