CVE-2017-7188

Sažetak

Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse.

Reference

http://www.securityfocus.com/bid/97681
https://bitbucket.org/zurmo/zurmo/issues/426/to-report-a-xss-security-vulnerability-in
https://github.com/faizzaidi/Zurmo-Stable-3.1.1-XSS-By-Provensec-LLC

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

07-05-2020 - 20:05

Objavljeno

14-04-2017 - 18:59