Cross site scripting

2022-02-1116:15:00

PRIOn knowledge base

www.prio-n.com

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code.

CPENameOperatorVersion
projeqtorle9.3.1

CPE	Name	Operator	Version
	projeqtor	le	9.3.1

References

truedigitalsecurity.com/services/penetration-testing-services/advisory-summary-2.2022-cve-2021-42940

www.projeqtor.org/en/