Описание
Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to create new dashboards or iFrame widgets.
Ссылки
- Broken Link
- Vendor Advisory
- US Government Resource
- Not Applicable
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:sick:field_analytics:*:*:*:*:*:*:*:*
EPSS
Процентиль: 20%
0.00066
Низкий
4.8 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-1021
Связанные уязвимости
CVSS3: 4.8
github
8 месяцев назад
Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to create new dashboards or iFrame widgets.
EPSS
Процентиль: 20%
0.00066
Низкий
4.8 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-1021