exploitDog

CVE-2025-46545

Опубликовано: 25 апр. 2025

Источник: nvd

CVSS3: 4.4

CVSS3: 4.8

EPSS Низкий

Описание

In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires.

Ссылки

https://deiteriy.com
Not Applicable
https://gist.github.com/ArtemBrylev/5a0c76285d5fa9daf4ec753034185de7
Third Party Advisory
https://sherparpa.com
Product
https://twitter.com/ArtyomBrylev
Not Applicable

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sherparpa:sherpa_orchestrator:141851:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.00048

Низкий

4.4 Medium

CVSS3

4.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-37m8-vrcv-2x3f

CVSS3: 4.4

github

10 месяцев назад

In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires.

EPSS

Процентиль: 15%

0.00048

Низкий

4.4 Medium

CVSS3

4.8 Medium

CVSS3

Дефекты

CWE-79