Описание
CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.
Ссылки
- Product
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:cksource:ckfinder:1.4.3:*:*:*:*:*:*:*
EPSS
Процентиль: 3%
0.00016
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
3 месяца назад
CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.
EPSS
Процентиль: 3%
0.00016
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79