Vulnerability Details CVE-2017-6537
A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (bgcolor) passed to the webpagetest-master/www/video/view.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.0%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2017-6537
-
cpe:2.3:a:webpagetest_project:webpagetest:3.0