Cross-Site Scripting (XSS)

2023-06-2609:03:12

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

vulnerable

user input

validation

malicious javascript

indexed data

software

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS

0.001

Percentile

18.7%

JSON

tpwd/ke_search is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly validate user input before it output to the front end, allowing an attacker to inject and execute malicious javascript on victim’s browser via indexed data.