Описание
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0.
Уязвимые конфигурации
Конфигурация 1Версия от 11.4.0 (включая) до 11.14.2.0 (исключая)
cpe:2.3:a:opexustech:ecase_audit:*:*:*:*:*:*:*:*
EPSS
Процентиль: 8%
0.00029
Низкий
5.5 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.5
github
30 дней назад
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0.
EPSS
Процентиль: 8%
0.00029
Низкий
5.5 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79