Vulnerability Details CVE-2018-11647
index.js in oauth2orize-fprm before 0.2.1 has XSS via a crafted URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.4%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://github.com/jaredhanson/oauth2orize-fprm/blob/master/SECURITY-NOTICE.md
- https://github.com/jaredhanson/oauth2orize-fprm/commit/2bf9faee787eb004abbdfb6f4cc2fb06653defd5
- https://github.com/jaredhanson/oauth2orize-fprm/blob/master/SECURITY-NOTICE.md
- https://github.com/jaredhanson/oauth2orize-fprm/commit/2bf9faee787eb004abbdfb6f4cc2fb06653defd5
Products affected by CVE-2018-11647
-
cpe:2.3:a:oauth2orize-fprm_project:oauth2orize-fprm:0.1.0
-
cpe:2.3:a:oauth2orize-fprm_project:oauth2orize-fprm:0.1.1
-
cpe:2.3:a:oauth2orize-fprm_project:oauth2orize-fprm:0.1.2
-
cpe:2.3:a:oauth2orize-fprm_project:oauth2orize-fprm:0.2.0