exploitDog

CVE-2024-38493

Опубликовано: 15 июл. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI.

Ссылки

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678
Permissions Required
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678
Permissions Required

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:broadcom:symantec_privileged_access_management:*:*:*:*:*:*:*:*

Версия от 4.1.0 (включая) до 4.1.7 (включая)

EPSS

Процентиль: 26%

0.00089

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-jm8h-r9wg-2qjw

CVSS3: 6.1

github

больше 1 года назад

A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI.

EPSS

Процентиль: 26%

0.00089

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79