Lucene search

Veracode Vulnerability DatabaseVERACODE:44136

HistoryNov 03, 2023 - 7:38 a.m.

Cross Site Scripting

2023-11-0307:38:03

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross site scripting

reportico

input sanitization

javascript injection

software vulnerability

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.2%

JSON

Reportico is vulnerable to Cross Site Scripting. The vulnerability is due to improper input sanitization in the project report title. The attacker can exploit this issue by injecting malicious JavaScript in the title field.

CPENameOperatorVersion
reportico-web/reporticole7.1.21-beta
reportico-web/reporticole7.1.21-beta

CPE	Name	Operator	Version
	reportico-web/reportico	le	7.1.21-beta
	reportico-web/reportico	le	7.1.21-beta

References

github.com/reportico-web/reportico/issues/47

web.archive.org/web/20231103055934/https://github.com/reportico-web/reportico/issues/47