Описание
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| cosmic | ignored | end of life |
| devel | not-affected | 2.7.1+ds-3 |
| disco | not-affected | 2.7.1+ds-3 |
| eoan | not-affected | 2.7.1+ds-3 |
| esm-apps/bionic | needed | |
| esm-apps/focal | not-affected | 2.7.1+ds-3 |
| esm-apps/jammy | not-affected | 2.7.1+ds-3 |
| esm-apps/noble | not-affected | 2.7.1+ds-3 |
| esm-apps/xenial | not-affected |
Показывать по
EPSS
4.3 Medium
CVSS2
6.1 Medium
CVSS3
Связанные уязвимости
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts.
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts.
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prom ...
Withdrawn Advisory: Prometheus XSS Vulnerability
EPSS
4.3 Medium
CVSS2
6.1 Medium
CVSS3