Vulnerability

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVSS Score
7.2: Critical
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
CWE
CWE-79
CVE
not recorded

 Report advisory or correction

Components

References