CVE-2021-32853

2023-02-2023:15:12

CWE-79

[email protected]

web.nvd.nist.gov

erxes

xos

cross-site scripting

vulnerability

cve-2021-32853

nvd

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.053 Low

EPSS

Percentile

93.1%

JSON

Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from malicious web site. There are no known patches.

Affected configurations

Vulners

NVD

Node

npmerxesRange≤0.22.3

CPENameOperatorVersion
erxes:erxeserxeslt0.22.3

CPE	Name	Operator	Version
erxes:erxes	erxes	lt	0.22.3

CNA Affected

[
  {
    "vendor": "npm",
    "product": "erxes",
    "versions": [
      {
        "version": "0.22.3",
        "status": "affected",
        "lessThanOrEqual": "0.22.3",
        "versionType": "custom"
      }
    ]
  }
]