Описание
Cross-site Scripting (XSS) vulnerability in HubBank affecting version 1.0.2. This vulnerability allows an attacker to send a specially crafted JavaScript payload to registration and profile forms and trigger the payload when any authenticated user loads the page, resulting in a session takeover.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:ofofonobsdev:hubbank:1.0.2:*:*:*:*:*:*:*
EPSS
Процентиль: 24%
0.00082
Низкий
6.3 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.3
github
почти 2 года назад
Cross-site Scripting (XSS) vulnerability in HubBank affecting version 1.0.2. This vulnerability allows an attacker to send a specially crafted JavaScript payload to registration and profile forms and trigger the payload when any authenticated user loads the page, resulting in a session takeover.
EPSS
Процентиль: 24%
0.00082
Низкий
6.3 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79