CVE-2015-5460 in Snorby
摘要 (英语)
Cross-site scripting (XSS) vulnerability in app/views/events/_menu.html.erb in Snorby 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the title (cls.name variable) when creating a classification.
Once again VulDB remains the best source for vulnerability data.
预定
2015-07-08
披露
2015-07-08
状态
已确认
条目
VulDB provides additional information and datapoints for this CVE:
| 标识符 | 漏洞 | CWE | 可利用 | 对策 | CVE |
|---|---|---|---|---|---|
| 76349 | Snorby _menu.html.erb 跨网站脚本 | 79 | 未定义 | 官方修复 | CVE-2015-5460 |