← Voltar para CVEs
CVE-2018-14527
N/ADescricao
Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements).
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado7/23/2018
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
xiao5ucompany_project:xiao5ucompany
Fraquezas (CWE)
CWE-79
Referencias
https://github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/2018/Xiao5uCompany_1.7_xss.doc(cve@mitre.org)
https://github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/2018/Xiao5uCompany_1.7_xss.doc(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.