exploitDog

CVE-2024-52941

Опубликовано: 18 нояб. 2024

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24695. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.

Ссылки

https://www.veritas.com/support/en_US/security/VTS24-013

EPSS

Процентиль: 26%

0.0009

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-v64h-qhh7-j6qf

CVSS3: 5.4

github

около 1 года назад

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24695. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.

EPSS

Процентиль: 26%

0.0009

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79