ГлавнаяУязвимости → CVE-2024-28715
8.8высокая

CVE-2024-28715

Описание

Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint.

Затрагиваемое ПО
Html-js Doracms
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H
Источники
https://github.com/Lq0ne/CVE-2024-28715https://github.com/Lq0ne/CVE-2024-28715