CVE-2019-17324

2019-10-3020:52:34

CWE-22

krcert

www.cve.org

0.001 Low

EPSS

Percentile

36.9%

JSON

ClipSoft REXPERT 1.0.0.527 and earlier version allows directory traversal by issuing a special HTTP POST request with …/ characters. This could lead to create malicious HTML file, because they can inject a content with crafted template. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.

CNA Affected

[
  {
    "product": "REXPERT",
    "vendor": "ClipSoft",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0.527 and earlier"
      }
    ]
  }
]

References

www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35184

0.001 Low

EPSS

Percentile

36.9%

JSON

Related for CVELIST:CVE-2019-17324