CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS
Percentile
31.3%
EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js.
Vendor | Product | Version | CPE |
---|---|---|---|
equalweb | equalweb_accessibility_widget | 2.0.0 | cpe:2.3:a:equalweb:equalweb_accessibility_widget:2.0.0:*:*:*:*:*:*:* |
equalweb | equalweb_accessibility_widget | 2.0.1 | cpe:2.3:a:equalweb:equalweb_accessibility_widget:2.0.1:*:*:*:*:*:*:* |
equalweb | equalweb_accessibility_widget | 2.0.2 | cpe:2.3:a:equalweb:equalweb_accessibility_widget:2.0.2:*:*:*:*:*:*:* |
equalweb | equalweb_accessibility_widget | 2.0.3 | cpe:2.3:a:equalweb:equalweb_accessibility_widget:2.0.3:*:*:*:*:*:*:* |
equalweb | equalweb_accessibility_widget | 2.0.4 | cpe:2.3:a:equalweb:equalweb_accessibility_widget:2.0.4:*:*:*:*:*:*:* |
equalweb | equalweb_accessibility_widget | 2.1.10 | cpe:2.3:a:equalweb:equalweb_accessibility_widget:2.1.10:*:*:*:*:*:*:* |
equalweb | equalweb_accessibility_widget | 3.0.0 | cpe:2.3:a:equalweb:equalweb_accessibility_widget:3.0.0:*:*:*:*:*:*:* |
equalweb | equalweb_accessibility_widget | 3.0.1 | cpe:2.3:a:equalweb:equalweb_accessibility_widget:3.0.1:*:*:*:*:*:*:* |
equalweb | equalweb_accessibility_widget | 3.0.2 | cpe:2.3:a:equalweb:equalweb_accessibility_widget:3.0.2:*:*:*:*:*:*:* |
equalweb | equalweb_accessibility_widget | 4.0.0 | cpe:2.3:a:equalweb:equalweb_accessibility_widget:4.0.0:*:*:*:*:*:*:* |
More