A cross-site scripting vulnerability exists in the web-based console management. This vulnerability has been assigned CVE-2015-2223.
This issue affects the management interface of Traps, where an authenticated administrator may be tricked into injecting malicious JavaScript into the web UI interface.
This issue affects Traps ESM Console version 3.2.1 and earlier
Versions | Affected | Unaffected |
---|---|---|
Traps ESM Console 3.2 | < 3.2.1.3559 | >= 3.2.1.3559 |
Traps ESM Console 3.1 | < 3.1.5.3691 | >= 3.1.5.3691 |
CVSSv3.1 Base Score: 4.2 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Traps ESM Console 3.1.5.3691 and higher; Traps ESM Console 3.2.1.3559 and higher