Cross site scripting

2023-12-2216:15:00

PRIOn knowledge base

www.prio-n.com

stored xss

admin/adminrequestsqlcontroller.php

script execution

error mishandling

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.1%

JSON

A stored cross-site scripting (XSS) vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via $e->getMessage() error mishandling.

CPENameOperatorVersion
thirty_beeslt1.5.0

CPE	Name	Operator	Version
	thirty_bees	lt	1.5.0

References

github.com/thirtybees/thirtybees/commit/f5b2c1e0094ce53fded1443bab99a604ae8e2968

github.com/thirtybees/thirtybees/compare/1.4.0...1.5.0

zigrin.com/advisories/thirty-bees-stored-cross-site-scripting-xss/