CVE-2020-28957

MEDIUM5.4EPSS 0.21%

Foxlor cross-site scripting (XSS) vulnerability

發布日:2022/5/24修改日:2024/4/25
也稱為:GHSA-cv24-vh45-4hjm

描述

Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields.

受影響套件(1)

CVSS 分數

來源版本嚴重程度向量
osvCVSS 3.1MEDIUM5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

參考連結(3)