CVE-2019-7551

Sažetak

Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app.

Reference

https://blog-posts--cantemo.netlify.com/news/2019/03/cantemo-portal-xss-vulnerabilities/
https://doc.cantemo.com/latest/ReleaseNotes/intro.html#version-3-4-9
https://www.bishopfox.com/blog/news-category/advisories/
https://www.bishopfox.com/news/2019/03/cantemo-portal-version-3-8-4-cross-site-scripting/

CVSS

Base:	6.0
Impact:	6.4
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

27-09-2019 - 16:32

Objavljeno

10-04-2019 - 17:29