A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a request that will cause JavaScript code supplied by the attacker to execute within the user’s browser in the context of that user’s session with the application.
Existe una vulnerabilidad en el componente de carga de medios de las versiones de Asset Suite que se indican a continuación. Si se explota con éxito, un atacante podría afectar la confidencialidad o la integridad del sistema. Un atacante puede usar esta vulnerabilidad para crear una solicitud que haga que el código JavaScript proporcionado por el atacante se ejecute en el navegador del usuario durante su sesión en la aplicación.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | REQUIRED |
| Scope | CHANGED |
| Confidentiality Impact | LOW |
| Integrity Impact | LOW |
| Availability Impact | LOW |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Attack Requirements | NONE |
| Privileges Required | LOW |
| User Interaction | PASSIVE |
| Vulnerability Confidentiality | LOW |
| Vulnerability Integrity | LOW |
| Vulnerability Availability | NONE |
| Subsequent Confidentiality | HIGH |
| Subsequent Integrity | HIGH |
| Subsequent Availability | NONE |
Source: [email protected]
Type: Secondary
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary |
en
CWE-184
|