Lucene search

Veracode Vulnerability DatabaseVERACODE:46752

HistoryMay 06, 2024 - 6:26 a.m.

Cross-Site Scripting (XSS)

2024-05-0606:26:52

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross site scripting

vulnerability

pterodactyl/panel

docker images

user input

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

15.5%

JSON

pterodactyl/panel is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient user input sanitization within Egg Docker images and variables, which results in cross site scripting (XSS) on the panel

References

github.com/pterodactyl/panel/commit/0dad4c5a488661f9adc27dd311542516d9bfa0f2

github.com/pterodactyl/panel/commit/1172d71d31561c4e465dabdf6b838e64de48ad16

github.com/pterodactyl/panel/commit/f671046947e4695b5e1c647df79305c1cefdf817

github.com/pterodactyl/panel/security/advisories/GHSA-384w-wffr-x63q

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

15.5%

JSON

Related for VERACODE:46752