CVE-2017-3165
Cross-site Scripting In Apache Brooklyn
5.4
MEDIUM
CVSS 3.1
EPSS 0.27%
Description
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to be a proof-of-concept exploit using this vulnerability.
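How to fix CVE-2017-3165
To fix CVE-2017-3165, upgrade the affected package to the patched version listed below.
- Upgrade to 0.10.0 or later
Is CVE-2017-3165 being exploited?
Low: EPSS is 0.3%, and no large-scale exploitation activity has been observed so far.
Affected packages (1)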
- from 0, < 0.10.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |