Описание
Cross-site Scripting (XSS) vulnerability in idoit pro version 28. This vulnerability allows an attacker to retrieve session details of an authenticated user due to lack of proper sanitization of the following parameters (id,lang,mNavID,name,pID,treeNode,type,view).
Ссылки
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:i-doit:i-doit:28:*:*:*:pro:*:*:*
EPSS
Процентиль: 43%
0.0021
Низкий
5.4 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 1 года назад
Cross-site Scripting (XSS) vulnerability in idoit pro version 28. This vulnerability allows an attacker to retrieve session details of an authenticated user due to lack of proper sanitization of the following parameters (id,lang,mNavID,name,pID,treeNode,type,view).
EPSS
Процентиль: 43%
0.0021
Низкий
5.4 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79