exploitDog

CVE-2024-38521

Опубликовано: 28 июн. 2024

Источник: nvd

CVSS3: 8.8

CVSS3: 6.1

EPSS Низкий

Описание

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0.

Ссылки

https://github.com/scidsg/hushline/security/advisories/GHSA-4v8c-r6h2-fhh3
Exploit
Third Party Advisory
https://github.com/scidsg/hushline/security/advisories/GHSA-4v8c-r6h2-fhh3
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hushline:hush_line:*:*:*:*:*:*:*:*

Версия до 0.1.0 (исключая)

EPSS

Процентиль: 52%

0.00288

Низкий

8.8 High

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79

EPSS

Процентиль: 52%

0.00288

Низкий

8.8 High

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79