CVE-2019-13493 - CERT CVE

  1. CVE-2019-13493

ID CVE-2019-13493
Sažetak In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript.
Reference
CVSS
Base: 3.5
Impact: 2.9
Exploitability:6.8
Pristup
VektorSloženostAutentikacija
NETWORK MEDIUM SINGLE
Impact
PovjerljivostCjelovitostDostupnost
NONE PARTIAL NONE
CVSS vektor AV:N/AC:M/Au:S/C:N/I:P/A:N
Zadnje važnije ažuriranje 18-07-2019 - 13:34
Objavljeno 17-07-2019 - 20:15