Comments (2)
plr0man
commented on May 29, 2024
@Brucedh It doesn't really matter if the payload executes only in the backend, it will still fall into 'to anyone' variant. Being able to run malicious scripts in administrative context is equally impactful as in any other context, in some situations depending on the domain configuration it may even have more impact.
What is an important risk limiting factor is the level of privilege required to inject the payload, that's why non-admin variant is rated higher.
I will not be able to answer why this particular example you are referring to was marked as P4, perhaps it required multiple steps to trigger the payload that were unlikely to happen. Either way if you have a working PoC of an XSS that you are able to inject into administrative context as a regular user, that would be initially considered P2 according to the VRT based on Non-Admin to Anyone variant. After further analysis it could get downgraded because of necessary prerequisites.
Hope that helps!
from vulnerability-rating-taxonomy.
Brucedh
commented on May 29, 2024
Perfect, got it!
Thank you
from vulnerability-rating-taxonomy.
Related Issues (20)
- BAC -> IDORs in Different impacts HOT 4
- Removing "Broken Access Control (BAC) > Server-Side Request Forgery (SSRF) > External" HOT 5
- Why application wide CORS misconfiguration is not a p2???? HOT 1
- Request to add LDAP Injection as Bugcrowd VRT HOT 11
- Depreciation of IE11 HOT 4
- Disposable Email Addresses - invalid HOT 5
- Privilege Escalation as a subcategory of Broken Access Controls HOT 7
- Addition - Failure to Invalidate Session On Permission Change HOT 3
- HTTP Request Smuggling HOT 2
- Addition - HTML Content Injection HOT 1
- Update - PII Leakage updated to Sensitive Information Leak HOT 3
- Why Blind XSS can't be P1 While Massive PII is leakage? HOT 1
- SSRF as it's own top-category HOT 2
- infinite 301 HOT 4
- Text injection - needs higher priority HOT 4
- Content spoofing - needs higher priority HOT 1
- New IDOR Variants HOT 10
- Change of "Sensitive Data Exposure > Disclosure of Secretes > Intentionally Public, Sample or Invalid"
- Add unnecessary open port on server misconfiguration in P1 HOT 1
- Add LLM VRT Entries HOT 11
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vulnerability-rating-taxonomy.