0.003 Low
EPSS
Percentile
70.8%
github.com/hashicorp/consul is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary Javascript in a user’s browser via a malicious key-value (KV) entry.
discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368
github.com/hashicorp/consul/pull/10023
github.com/hashicorp/consul/pull/10037
security-tracker.debian.org/tracker/CVE-2020-25864
www.hashicorp.com/blog/category/consul