6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P
6.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
37.9%
dash-core-components are vulnerable to Cross Site Scripting (XSS). The vulnerability is caused due to improper handling of the href
attribute of the `` tag when the href
attribute is controlled by an adversary. This allows an attacker to steal data that is visible to another user who opens a view containing the malicious script.
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P
6.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
37.9%