CVE-2013-7370

Опубликовано: 01 июл. 2013

Источник: redhat

CVSS2: 4.3

EPSS Низкий

Описание

node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware

Отчет

This issue affects the versions of nodejs-connect as shipped with Red Hat OpenShift Enterprise 2. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenShift Enterprise 2	nodejs010-nodejs-connect	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=1091166nodejs-connect: XSS via HTTP request with a crafted method containing JavaScript

EPSS

Процентиль: 77%

0.01082

Низкий

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2013-7370

CVSS3: 6.1

ubuntu

около 6 лет назад

node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware

CVE-2013-7370

CVSS3: 6.1

nvd

около 6 лет назад

node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware

CVE-2013-7370

CVSS3: 6.1

debian

около 6 лет назад

node-connect before 2.8.1 has XSS in the Sencha Labs Connect middlewar ...

GHSA-3fw8-66wf-pr7m

github

больше 5 лет назад

methodOverride Middleware Reflected Cross-Site Scripting in connect

EPSS

Процентиль: 77%

0.01082

Низкий

4.3 Medium

CVSS2