429 – Universal cross-site scripting (UXSS)
Description
Universal cross-site scripting exploits client-side vulnerabilities, either through the browser or the extensions that the user enables, leading to the possibility of cross-side scripting exploitation or the execution of malicious code.
Impact
- Persistently inject malicious JavaScript code. - hijack any session that belongs open in the compromised browser. - Execute malicious code.
Recommendation
Keep your browsers and extensions up to date. Although this is not a definitive solution to the specific vulnerability, always use and install only what is necessary.
Threat
Unauthenticated attacker from the Internet with access to the victim's browser.
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: N
- Attack complexity: H
- Attack Requirements: N
- Privileges required: N
- User interaction: N
- Confidentiality (VC): H
- Integrity (VI): L
- Availability (VA): L
- Confidentiality (SC): L
- Integrity (SI): L
- Availability (SA): L
Threat 4.0
- Exploit maturity: P