Описание
Tracks, a Getting Things Done (GTD) web application, is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. Reflected cross-site scripting enables execution of malicious JavaScript in the context of a user’s browser if that user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. Tracks version 2.7.1 is patched. No known complete workarounds are available.
Ссылки
EPSS
Процентиль: 66%
0.00523
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
EPSS
Процентиль: 66%
0.00523
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79