exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2024-46976

больше 1 года назад

Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link. This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS3: 5.4

EPSS: Низкий

CVE-2024-46976

больше 1 года назад

Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link. This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS3: 6.5

EPSS: Низкий

GHSA-5j94-f3mf-8685

больше 1 года назад

@backstage/plugin-techdocs-backend vulnerable to circumvention of cross site scripting protection

CVSS3: 6.5

EPSS: Низкий

BDU:2024-11516

больше 1 года назад

Уязвимость модуля TechDocs платформы для построения порталов разработчиков Backstage, позволяющая нарушителю проводить межсайтовые сценарные атаки

CVSS3: 6.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2024-46976 Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link. This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. users are advised to upgrade. There are no known workarounds for this vulnerability.	CVSS3: 5.4	0% Низкий	больше 1 года назад
CVE-2024-46976 Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link. This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. users are advised to upgrade. There are no known workarounds for this vulnerability.	CVSS3: 6.5	0% Низкий	больше 1 года назад
GHSA-5j94-f3mf-8685 @backstage/plugin-techdocs-backend vulnerable to circumvention of cross site scripting protection	CVSS3: 6.5	0% Низкий	больше 1 года назад
BDU:2024-11516 Уязвимость модуля TechDocs платформы для построения порталов разработчиков Backstage, позволяющая нарушителю проводить межсайтовые сценарные атаки	CVSS3: 6.5	0% Низкий	больше 1 года назад

Уязвимостей на страницу