PT-2019-12974 · Ht2 · Learning Locker
Publicado
2019-07-16
·
Atualizado
2019-10-09
·
CVE-2019-12834
CVSS v3.1
7.3
Alta
| Vetor | AC:L/AV:N/A:L/C:L/I:L/PR:N/S:U/UI:N |
Name of the Vulnerable Software and Affected Versions
HT2 Labs Learning Locker version 3.15.1
Description
The issue allows for the injection of malicious HTML and JavaScript code into the website's DOM via the PATH INFO to the "dashboards/" URI.
Recommendations
For HT2 Labs Learning Locker version 3.15.1, consider restricting access to the dashboards/ URI until a patch is available. As a temporary workaround, avoid using the PATH INFO to the dashboards/ URI to minimize the risk of exploitation.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Learning Locker