Lucene search

Veracode Vulnerability DatabaseVERACODE:46561

HistoryApr 22, 2024 - 6:16 a.m.

Cross-Site Scripting

2024-04-2206:16:47

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

input handling

output sanitization

/login page

javascript

github.com/baidu/openrasp

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

github.com/baidu/openrasp is vulnerable to Cross-Site Scripting. The vulnerability is due to improper handling of input and lack of output sanitization in the redirect parameter on the /login page. This allows attacker to inject arbritrary javascript to be executed with the permissions of a user after the user logins with their account.

CPENameOperatorVersion
github.com/baidu/openrasplev1.3.7
github.com/baidu/openrasplev1.3.7

CPE	Name	Operator	Version
	github.com/baidu/openrasp	le	v1.3.7
	github.com/baidu/openrasp	le	v1.3.7

References

github.com/baidu/openrasp/commit/240fde3901c7a36aaade3683ffd5c89140a535fb

securitylab.github.com/advisories/GHSL-2023-253_openrasp

securitylab.github.com/advisories/GHSL-2023-253_openrasp/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VERACODE:46561