CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
Low
EPSS
Percentile
47.9%
A vulnerability in the ejs web application development pattern for Node.Js is related to incorrect neutralization of
special elements in the output data used by the input component. Exploitation of the vulnerability could
allow an attacker acting remotely to execute arbitrary code by injecting specially
specially crafted JavaScript code
A vulnerability in the Express.js web application development pattern for Node.Js is related to an open source redirect using a malformed JavaScript code.
redirects using malformed URLs. Exploitation of the vulnerability could
Allow a remote attacker to redirect users to malicious URLs
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | opensearch | < 2.15.0-1 | UNKNOWN |