Description
A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.youtube.com/watch?v=JE1Kcq3iJpc
Scores
CVSS v3
7.5
EPSS
0.0143
EPSS Percentile
69.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-918
Status
published
Products (2)
frangoteam/fuxa
1.1.3
frangoteam/fuxa
0npm
Published
Mar 16, 2022
Tracked Since
Feb 18, 2026