F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors involving the Tags parameter in the JSON request body in an outbound request for the /api/latest/vulnerabilityscans/tags/batch resource, aka a "suggested metadata tags for assets" issue.
References
Link | Resource |
---|---|
http://oscarhjelm.com/blag/2018/02/f-secure-radar-persistent-cross-site-scripting-vulnerability/ | Third Party Advisory |
http://www.securityfocus.com/bid/103100 | Third Party Advisory VDB Entry |
http://oscarhjelm.com/blag/2018/02/f-secure-radar-persistent-cross-site-scripting-vulnerability/ | Third Party Advisory |
http://www.securityfocus.com/bid/103100 | Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 04:10
Type | Values Removed | Values Added |
---|---|---|
References | () http://oscarhjelm.com/blag/2018/02/f-secure-radar-persistent-cross-site-scripting-vulnerability/ - Third Party Advisory | |
References | () http://www.securityfocus.com/bid/103100 - Third Party Advisory, VDB Entry |
Information
Published : 2018-02-16 04:29
Updated : 2024-11-21 04:10
NVD link : CVE-2018-6189
Mitre link : CVE-2018-6189
CVE.ORG link : CVE-2018-6189
JSON object : View
Products Affected
f-secure
- radar
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')