Описание
A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware version 4.7.8.0.eden Logic version 5.32 and below. This issue allows attackers to inject JavaScript payloads within the error or edit-menu-item parameters which are then executed in the victim's browser session.
Ссылки
- ExploitThird Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:vivaldigroup:icontrol\+_server:5.32:*:*:*:*:*:*:*
cpe:2.3:o:vivaldigroup:vivaldi_domotica_icontrol_firmware:4.7.8.0.eden:*:*:*:*:*:*:*
cpe:2.3:h:vivaldigroup:vivaldi_domotica_icontrol:-:*:*:*:*:*:*:*
EPSS
Процентиль: 22%
0.00073
Низкий
6.3 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.3
github
6 месяцев назад
A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware version 4.7.8.0.eden Logic version 5.32 and below. This issue allows attackers to inject JavaScript payloads within the error or edit-menu-item parameters which are then executed in the victim's browser session.
EPSS
Процентиль: 22%
0.00073
Низкий
6.3 Medium
CVSS3
Дефекты
CWE-79