What the vulnerability does
01 Description
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Israpil Textmetrics webtexttool allows Code Injection. This issue affects Textmetrics: from n/a through <= 3.6.5.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Explanation of Vulnerability in Simple Terms
Textmetrics versions 3.6.5 and earlier contain an information disclosure vulnerability. An attacker with low-level privileges can read sensitive data through the network without user interaction. The vulnerability has a CVSS score of 4.3, indicating moderate risk to confidentiality.
What an attacker can do
Read sensitive data from the application without user interaction.
Potential impact on your site
User data confidentiality may be compromised if the site runs an affected Textmetrics version.
Conditions required to exploit
Attacker must have low-level user account access to the application.