Cross site scripting

2023-01-0303:15:00

PRIOn knowledge base

www.prio-n.com

xss

out-of-bounds read

v-sft

tellus

local attacker

image file

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.7%

JSON

Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file.

CPENameOperatorVersion
telluslt4.0.15.0
v-sftlt6.1.8.0

CPE	Name	Operator	Version
	tellus	lt	4.0.15.0
	v-sft	lt	6.1.8.0

References

jvn.jp/en/vu/JVNVU90679513/index.html

monitouch.fujielectric.com/site/download-e/09vsft6_inf/index.php