Cross site scripting

2014-03-2104:38:00

PRIOn knowledge base

www.prio-n.com

5.6 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

47.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie Control (DTC) before 0.34.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message body of a support ticket or unspecified vectors to the (2) DNS and (3) MX form, as demonstrated by the “Domain root TXT record:” field.

CPENameOperatorVersion
domain_technologie_controleq0.29.8
domain_technologie_controleq0.28.9
domain_technologie_controleq0.32.1
domain_technologie_controleq0.25.3
domain_technologie_controleq0.30.6
domain_technologie_controleq0.26.9
domain_technologie_controleq0.29.1
domain_technologie_controleq0.27.3
domain_technologie_controleq0.28.4
domain_technologie_controlle0.32.11

Name	Operator	Version
domain_technologie_control	eq	0.29.8
domain_technologie_control	eq	0.28.9
domain_technologie_control	eq	0.32.1
domain_technologie_control	eq	0.25.3
domain_technologie_control	eq	0.30.6
domain_technologie_control	eq	0.26.9
domain_technologie_control	eq	0.29.1
domain_technologie_control	eq	0.27.3
domain_technologie_control	eq	0.28.4
domain_technologie_control	le	0.32.11