Lucene search
Rapid7CVELIST:CVE-2021-36803HistoryAug 04, 2021 - 10:20 p.m.
CVE-2021-36803 Akaunting Avatar Persistent XSS
2021-08-0422:20:43
CWE-79
rapid7
www.cve.org
3
akaunting
avatar
xss
vulnerability
v2.1.13
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
EPSS
0.001
Percentile
24.8%
Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 2.1.13 of the product.
CNA Affected
[
{
"product": "Akaunting",
"vendor": "Akaunting",
"versions": [
{
"lessThanOrEqual": "2.1.12",
"status": "affected",
"version": "2.1.12",
"versionType": "custom"
}
]
}
]Related
cnvd
cnvd
Akaunting Cross-Site Scripting Vulnerability (CNVD-2021-94938)
2021-08-06 00:00:00
nvd
nvd
CVE-2021-36803
2021-08-04 23:15:08
prion
prion
Cross site scripting
2021-08-04 23:15:00
osv
osv
CVE-2021-36803
2021-08-04 23:15:08
cve
cve
CVE-2021-36803
2021-08-04 23:15:08
thn
thn
Several Bugs Found in 3 Open-Source Software Used by Several Businesses
2021-07-27 13:01:00
rapid7blog
rapid7blog
Multiple Open Source Web App Vulnerabilities Fixed
2021-07-27 14:30:24
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
EPSS
0.001
Percentile
24.8%
Related for CVELIST:CVE-2021-36803