Strike ID:
E19-7s841
CVSS:
4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
False Positive:
t
Variants:
16
Year:
2019

Description

This strike exploits a reflected cross-site scripting vulnerability found in OpenProject Web interface. This vulnerability is due to inadequate input filtering in the web interface, while parsing input passed to sortBy parameter within projects page. By exploiting this vulnerability an attacker could cause arbitrary HTML/script code to be executed by the target users browser.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{}