Lucene search

Veracode Vulnerability DatabaseVERACODE:46175

HistoryApr 03, 2024 - 12:39 p.m.

Cross Site Scripting (XSS)

2024-04-0312:39:43

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

francoisjacquet

rosariosis

cross site scripting

input handling

add portal note

arbitrary javascript code

vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

AI Score

7.2

Confidence

High

EPSS

Percentile

15.5%

JSON

francoisjacquet/rosariosis is vulnerable to Cross Site Scripting. The vulnerability is due to improper handling of input in the component Add Portal Note, leading to the execution of arbitrary JavaScript code.

References

powerful-bulb-c36.notion.site/Stored-xss-via-malicious-PDF-upload-98fb1ea6b9bf4ddfaf04d61b2c05410a

vuldb.com/?ctiid.258911

vuldb.com/?id.258911

vuldb.com/?submit.307450

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

AI Score

7.2

Confidence

High

EPSS

Percentile

15.5%

JSON

Related for VERACODE:46175