Lucene search

CVE-2021-29028

🗓️ 24 Mar 2021 13:14:15Reported by mitreType

cve🔗 web.nvd.nist.gov👁 25 Views🌐 WEB

A XSS vulnerability in Bitweaver v3.1.0 allows remote attackers to inject JavaScript via user_activity.php URI

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 5
NVD	CVE-2021-29028	24 Mar 202113:15	–	nvd
CNVD	Bitweaver cross-site scripting vulnerability (CNVD-2021-22577)	25 Mar 202100:00	–	cnvd
Prion	Cross site scripting	24 Mar 202113:15	–	prion
RedhatCVE	CVE-2021-29028	22 May 202519:35	–	redhatcve
Cvelist	CVE-2021-29028	24 Mar 202112:03	–	cvelist

Nvd

Node

bitweaver bitweaverMatch3.1.0

Source	Link
github	www.github.com/xoffense/POC/blob/main/Multiple%20URI%20Based%20XSS%20in%20Bitweaver%203.1.0.md

Parameter	Position	Path	Description	CWE
	query param	/users/admin/user_activity.php	Cross-site scripting (XSS) vulnerability allowing JavaScript injection.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

24 Mar 2021 13:15Current

4.9Medium risk

Vulners AI Score4.9

CVSS23.5

CVSS34.8

EPSS0.00162

CWE-79