MEDIUM
Webpagetest Project
CVE published 2017-03-02
CVE-2017-6396
CVE-2017-6396 is a cross-site scripting vulnerability in WPO-Foundation WebPageTest 3.0. According to the NVD record, user-supplied data reaching webpagetest-master/www/compare-cf.php was not sufficiently filtered, allowing an attacker to execute arbitrary HTML and JavaScript in a victim’s browser in the context of the vulnerable website. This is a medium-severity, network-reachable issue that depends on [truncated]