CVE-2018-25084

low ForgeRock
CVSS v3 Base Score
3.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Confidentiality
None
Integrity
Low
Availability
None
Published: April 10, 2023 (1129 days ago)
Last Modified: November 21, 2024
Vendor: ForgeRock
Source: NVD

Description

A vulnerability, which was classified as problematic, has been found in Ping Identity Self-Service Account Manager 1.1.2. Affected by this issue is some unknown functionality of the file src/main/java/com/unboundid/webapp/ssam/SSAMController.java. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.1.3 is able to address this issue. The patch is identified as f64b10d63bb19ca2228b0c2d561a1a6e5a3bf251. It is recommended to upgrade the affected component. VDB-225362 is the identifier assigned to this vulnerability.

References

🔗 github.com 🔗 github.com 🔗 vuldb.com 🔗 vuldb.com 🔗 github.com