CVE-2024-25413

High

A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to…

mitre·CWE-91·Published 2024-02-16

CVSS

7.2

EPSS

0.01

KEV

Exploits

cve.orgen

188 chars

A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file.

NVDen

188 chars

A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file.

Una vulnerabilidad de inyección del lado del servidor XSLT en la función Importar trabajos de FireBear Enhanced Import And Export v3.8.6 permite a los atacantes ejecutar comandos arbitrarios a través de un archivo XSLT manipulado.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.1	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
3.1	Primary	cve.org	9.1	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
3.1	Primary	NVD	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	9.1	2.3	6.0	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H