CVE-2018-1000855

Published 2 months ago
Category: Cross-Site Scripting
Source: GitHub
Severity: Severe

Vulnerability in easymon

When passing an invalid check name as parameter to the endpoint where the easymon routes are mounted, a 406 response with a body that contains the invalid check name unescaped is returned. Malicious JavaScript can be injected into that invalid name and have it executed in Firefox

CVSS Metrics
Access Vector Access Complexity Authentication Confidentiality Impact Integrity Impact Availability Impact
n/a n/a n/a n/a n/a n/a
Patched Versions

>= 1.4.1

Unaffected Versions

n/a

References

n/a