Lucene search

AttackerKBAKB:08E6848D-56CB-4BD7-8BD5-197859C3DA2D

HistoryAug 15, 2021 - 12:00 a.m.

CVE-2021-38699

2021-08-1500:00:00

attackerkb.com

tastyigniter 3.0.7

xss

vulnerability

stored

assessment

url

payload

vulnerable parameter

proof

attacker value

EPSS

0.01

Percentile

83.7%

JSON

TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/system_logs.

Recent assessments:

nu11secur1ty at August 16, 2021 11:07am UTC reported:

TastyIgniter 3.0.7 allows XSS – Stored

Vulnerability Assessment

XSS-Stored Allow 48 characters

Url

<http://192.168.1.3/setup-master/admin/customers/create>

Payload

<https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38699>

Vulnerable parameter

Customer[first_name]

Proof:

<https://streamable.com/75b6ob>

Assessed Attacker Value: 3
Assessed Attacker Value: 3Assessed Attacker Value: 5

References

packetstormsecurity.com/files/163843/TastyIgniter-3.0.7-Cross-Site-Scripting.html

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38699

github.com/HuskyHacks/CVE-2021-38699-Reflected-XSS

github.com/HuskyHacks/CVE-2021-38699-Stored-XSS

github.com/Justin-1993/CVE-2021-38699

pentesternotes.com/?p=209

tastyigniter.com/support

EPSS

0.01

Percentile

83.7%

JSON

Related for AKB:08E6848D-56CB-4BD7-8BD5-197859C3DA2D