Description
7Twenty - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected products
- 7Twenty / 7Twenty BotAll versions – Upgrade to latest version
References
- VENDOR_ADVISORYhttps://www.gov.il/en/Departments/faq/cve_advisories