Vulnerability Details CVE-2017-9085
Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 6.5 to 8.0 allow remote attackers to inject arbitrary web script via the (1) "paramFile" parameter to /Site/Troubleshooting/DiagnosticReport.asp, or (2) "paramFile" parameter to /Site/Troubleshooting/SpeedTest.asp.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.0%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2017-9085
-
cpe:2.3:a:kodak:insite:6.5
-
cpe:2.3:a:kodak:insite:6.7
-
cpe:2.3:a:kodak:insite:7.0
-
cpe:2.3:a:kodak:insite:7.0.1
-
cpe:2.3:a:kodak:insite:8.0