Description
7Twenty BOT - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
High
Affected products
- 7Twenty / BOTAll versions – Upgrade to version 202308a1
References
- VENDOR_ADVISORYhttps://www.gov.il/en/Departments/faq/cve_advisories