| Stored Cross-Site Scripting (XSS) Vulnerability | |||
| Severity: Medium | CVSS Score: 6.1 | CWE-ID: CWE-79 | Status: Open |
| Vulnerability Description | |||
| Sentrifugo 3.2 is vulnerable to stored Cross-Site Scripting (XSS): a payload can be inserted in the X-Forwarded-For HTTP header during the login attempt. When an administrator views the user logs, the malicious payload is executed. | |||
| CVSS Base Score | |||
| Attack Vector | Network | Scope | Changed |
| Attack Complexity | Low | Confidentiality Impact | Low |
| Privileges Required | Low | Integrity Impact | Low |
| User Interaction | Required | Availability Impact | Low |
Full details about the vulnerability will be disclosed once the vendor has provided a patch.
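
One way to close this class of flaw, shown as an added example that is not Sentrifugo's code or the vendor's patch: validate the X-Forwarded-For value as an IP address before it is logged, and HTML-escape every stored field when the log view is rendered. The function names and sample requests are hypothetical, and it assumes the user log is shown in an HTML table.

```php
<?php
// Added example, not Sentrifugo code. Names and sample values are hypothetical.

/**
 * Return the address to record for a login attempt.
 * X-Forwarded-For is client-controlled text: accept it only if its first
 * entry parses as an IP address, otherwise fall back to the socket peer.
 * This stops markup reaching the log; it does not make the value trustworthy.
 */
function loggable_client_ip(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $xff  = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    // The header may carry a comma-separated chain; the first entry is the claimed client.
    $first = trim(explode(',', $xff)[0]);
    if ($first !== '' && filter_var($first, FILTER_VALIDATE_IP) !== false) {
        return $first;
    }
    return filter_var($peer, FILTER_VALIDATE_IP) !== false ? $peer : 'invalid';
}

/** Render one user-log row; every stored field is escaped at output time. */
function render_log_row(string $user, string $ip): string
{
    $e = function (string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    return '<tr><td>' . $e($user) . '</td><td>' . $e($ip) . '</td></tr>';
}

// Constructed sample requests: a proxy chain, a non-IP header value, no header.
$samples = [
    ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '203.0.113.9, 10.0.0.1'],
    ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '<b>not-an-ip</b>'],
    ['REMOTE_ADDR' => '198.51.100.7'],
];
foreach ($samples as $s) {
    echo render_log_row('demo.user', loggable_client_ip($s)), PHP_EOL;
}

// Rows stored before input validation existed are still neutralised on output.
echo render_log_row('demo.user', '<b>not-an-ip</b>'), PHP_EOL;
```

The output escaping is the control that matters for rows already in the database; the input check only keeps new non-IP values out.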