EPSS
Percentile
30.1%
easymon is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim’s browser via the check name parameter to steal session tokens or perform unwanted actions on behalf of the user.
check name
github.com/basecamp/easymon/commit/a5deaf7359fc177fcf3fca725618b53619a30b7e
github.com/basecamp/easymon/issues/26
github.com/basecamp/easymon/pull/25
github.com/rubysec/ruby-advisory-db/pull/373/commits/fd63914614198121cd2d4b65404926e7a4c95d87