Lucene search
Rapid7CVELIST:CVE-2021-3539HistoryJul 27, 2021 - 12:00 a.m.
CVE-2021-3539 EspoCRM Avatar Persistent XSS
2021-07-2700:00:00
CWE-79
rapid7
www.cve.org
6.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
0.001 Low
EPSS
Percentile
22.9%
EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product.
CNA Affected
[
{
"product": "EspoCRM",
"vendor": "EspoCRM",
"versions": [
{
"lessThanOrEqual": "6.1.6",
"status": "affected",
"version": "6.1.6",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2021-3539
2021-08-04 23:15:08
osv
osv
BIT-espocrm-2021-3539
2024-03-06 10:52:57
CVE-2021-3539
2021-08-04 23:15:08
prion
prion
Cross site scripting
2021-08-04 23:15:00
cve
cve
CVE-2021-3539
2021-08-04 23:15:08
thn
thn
Several Bugs Found in 3 Open-Source Software Used by Several Businesses
2021-07-27 13:01:00
rapid7blog
rapid7blog
Multiple Open Source Web App Vulnerabilities Fixed
2021-07-27 14:30:24
6.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
0.001 Low
EPSS
Percentile
22.9%
Related for CVELIST:CVE-2021-3539