exploitDog

CVE-2025-1271

Опубликовано: 13 фев. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code is executed in their browser, which can result in the theft of sensitive information, identity theft or the execution of unauthorised actions on behalf of the affected user.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-anapi-group-h6web
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:anapi:h6web:-:*:*:*:*:*:*:*

EPSS

Процентиль: 29%

0.00103

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-3889-h6mq-grhq

CVSS3: 6.1

github

12 месяцев назад

Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code is executed in their browser, which can result in the theft of sensitive information, identity theft or the execution of unauthorised actions on behalf of the affected user.

EPSS

Процентиль: 29%

0.00103

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79