CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-9306

inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.2%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://www.cdxy.me/?p=763
https://www.cdxy.me/?p=763

Products affected by CVE-2017-9306

Syspass » Syspass » Version: 2.1.9

cpe:2.3:a:syspass:syspass:2.1.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-9306

Products

Pricing

Contact Us