漏洞标题
OpenXE Ticket Bearbeiten页面跨站脚本漏洞
漏洞描述信息
在OpenXE 1.12及之前的版本中发现了一个漏洞。该漏洞被认定为存在问题。此漏洞影响组件Ticket Bearbeiten Page的未知代码。对参数Notizen的操纵会导致跨站脚本攻击。攻击可以从远程发起。该漏洞的利用方法已被公开披露,并可能被利用。厂商在披露早期已被联系,但未作出任何回应。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
漏洞类别
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
漏洞标题
OpenXE Ticket Bearbeiten Page cross site scripting
漏洞描述信息
A vulnerability was found in OpenXE up to 1.12. It has been declared as problematic. This vulnerability affects unknown code of the component Ticket Bearbeiten Page. The manipulation of the argument Notizen leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
漏洞类别
在Web页面生成时对输入的转义处理不恰当(跨站脚本)