CVE-2017-9331 Information
Feb 14, 2021
cve
Description
The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description parameter.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Reference
https://github.com/Telaxus/EPESI/commit/dda3e5f3843e80fe9ed36115f4fe72c06a3a41bc https://github.com/Telaxus/EPESI/issues/193
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
5.4
Share on: