CVE-2021-42940

2022-02-1115:54:30

mitre

www.cve.org

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code.

References

truedigitalsecurity.com/services/penetration-testing-services/advisory-summary-2.2022-cve-2021-42940

www.projeqtor.org/en/