Description
The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data.
References
- Product
- Exploit, Third Party Advisory
- Product
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:gestioip:gestioip:3.5.7:*:*:*:*:*:*:*
EPSS
Percentile: 58%
0.00373
Low
CVSS3: 4.8 Medium
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 4.8
debian
about 1 year ago
The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Refl ...
CVSS3: 4.8
github
about 1 year ago
The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data.