PT-2019-11619 · Invenio · Invenio-Records
Published: 2019-07-16 · Updated: 2019-08-01 · CVE-2019-1020003
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Invenio-Records versions prior to 1.2.2
Description:
A Cross-Site Scripting (XSS) issue was found in the administration interface when rendering JSON for a record. This could be exploited by a user with access to upload a new record that an admin user would later view.
Recommendations:
For versions prior to 1.0.1, upgrade to v1.0.1.
For versions prior to 1.1.1, upgrade to v1.1.1.
For versions prior to 1.2.2, upgrade to v1.2.2.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Invenio-Records