Vulnerability Details CVE-2019-14804
studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.4%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
- http://packetstormsecurity.com/files/154018/UNA-10.0.0-RC1-Cross-Site-Scripting.html
- https://github.com/unaio/una/commits/master/studio
- https://pastebin.com/iMfs1BsM
- http://packetstormsecurity.com/files/154018/UNA-10.0.0-RC1-Cross-Site-Scripting.html
- https://github.com/unaio/una/commits/master/studio
- https://pastebin.com/iMfs1BsM