PT-2023-25875 · Unknown · Joc Cockpit+1

Besnardf · Published 2023-07-13 · Updated 2023-07-27 · CVE-2023-37272

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

JobScheduler (JS1) versions 1.13.0 through 1.13.18

Description

The issue allows an XSS attack through specially crafted file names when uploading files for user-generated documentation in JOC Cockpit. Such a file name can inject code that is executed by the browser. The risk of this issue is considered high.

Recommendations

For JobScheduler (JS1) versions 1.13.0 through 1.13.18, update to version 1.13.19 to resolve the issue.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-37272
GHSA-QR44-GM3X-7HFC

Affected Products

Joc Cockpit
Jobscheduler