E19-7s841
CVSS:
4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
False Positive:
t
Variants:
16
Year:
2019
Description
This strike exploits a reflected cross-site scripting vulnerability found in OpenProject Web interface. This vulnerability is due to inadequate input filtering in the web interface, while parsing input passed to sortBy parameter within projects page. By exploiting this vulnerability an attacker could cause arbitrary HTML/script code to be executed by the target users browser.
CVE
References
MSB
BID
ExploitDB
Secunia
Security Tracker
Metasploit
ZDI
OSVDB
{}