Lucene search

Veracode Vulnerability DatabaseVERACODE:44193

HistoryNov 08, 2023 - 8:20 a.m.

Cross-site Scripting (XSS)

2023-11-0808:20:02

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

velocidex

velociraptor

cross-site scripting

javascript

browser vulnerability

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.8%

JSON

github.com/velocidex/velociraptor is vulnerable to Cross-site Scripting. This vulnerability exists because it does not properly validate error paths, allowing an attacker to inject and execute malicious JavaScript in the browser

CPENameOperatorVersion
github.com/velocidex/velociraptorlev0.7.0-rc1
github.com/velocidex/velociraptorlev0.7.0-rc1

CPE	Name	Operator	Version
	github.com/velocidex/velociraptor	le	v0.7.0-rc1
	github.com/velocidex/velociraptor	le	v0.7.0-rc1

References

github.com/Velocidex/velociraptor/commit/0ef0e8bd3d8ce596e8efaebde32cfcd740aee6c1

github.com/Velocidex/velociraptor/releases/tag/v0.7.0

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.8%

JSON

Related for VERACODE:44193