RubySecRUBY:OXIDIZED-WEB-2019-25088Oxidized Web vulnerable to Cross-site Scripting
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
A vulnerability was found in ytti Oxidized Web. It has been classified
as problematic. Affected is an unknown function of the file lib/oxidized/web/views/conf_search.haml.
The manipulation of the argument to_research leads to cross site scripting. It
is possible to launch the attack remotely. The name of the patch is 55ab9bdc68b03ebce9280b8746ef31d7fdedcc45.
It is recommended to apply a patch to fix this issue. VDB-216870 is the identifier
assigned to this vulnerability.
References
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N