Описание
Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController (for /fp/admin/settings/loginpage) and the rootserviceurl parameter in FriendsController (for /fp/admin/settings/friends), entered by an admin, allow stored XSS.
Ссылки
- Product
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:unicomsi:focal_point:7.6.1:*:*:*:*:*:*:*
EPSS
Процентиль: 7%
0.00028
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
8 месяцев назад
Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController (for /fp/admin/settings/loginpage) and the rootserviceurl parameter in FriendsController (for /fp/admin/settings/friends), entered by an admin, allow stored XSS.
EPSS
Процентиль: 7%
0.00028
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79