cvelist | Mend | CVELIST:CVE-2021-25988
History: Dec 29, 2021 - 9:10 a.m.

CVE-2021-25988 ifme - Stored Cross-Site Scripting (XSS) in Notifications section

2021-12-29 09:10:14
CWE-79
Mend
www.cve.org
Tags: cve-2021-25988, ifme, stored xss, notifications, vulnerability, admin triggered

CVSS3: 5.4

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001
Percentile: 21.4%

In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable to stored XSS in the notifications section, which can be triggered directly by sending an ally request to the admin.

CNA Affected

[
  {
    "product": "ifme",
    "vendor": "ifmeorg",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "v7.31.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
