Описание
Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/xajax_server.php, affecting multiple parameters. This could allow a remote user to send a specially crafted query to an authenticated user and partially take control of their browser session.
Ссылки
- Third Party Advisory
Уязвимые конфигурации
EPSS
6.3 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
Связанные уязвимости
Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/xajax_server.php, affecting multiple parameters. This could allow a remote user to send a specially crafted query to an authenticated user and partially take control of their browser session.
Уязвимость компонента soplanning/www/process/xajax_server.php CMS-системы SOPlanning (Simple Online Planning), позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)
EPSS
6.3 Medium
CVSS3
5.4 Medium
CVSS3