PT-2022-8024 · Unknown · Rf Keynote

Published: 2022-12-31 · Updated: 2024-05-17 · CVE-2017-20159

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

rf Keynote versions up to 0.x

Description

A vulnerability was found in rf Keynote, affecting unknown functionality in the file lib/keynote/rumble.rb. Manipulation of the argument value leads to cross-site scripting. The attack may be launched remotely. Upgrading to version 1.0.0 addresses this issue.

Recommendations

For rf Keynote versions up to 0.x, upgrade to version 1.0.0 to address the issue. As a temporary workaround, consider restricting access to the vulnerable functionality in the file lib/keynote/rumble.rb until the upgrade is applied.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2017-20159
GHSA-399P-VQ28-5HG8

Affected Products

Rf Keynote