andreapollastri/cipi is vulnerable to stored cross-site scripting. The vulnerability exists in /api/servers name field
when adding a new server on the server panel, as it doesn’t properly filter the parameters which allows an attacker to inject and execute arbitrary javascript.
CPE | Name | Operator | Version |
---|---|---|---|
andreapollastri/cipi | eq | 3.1.15 | |
andreapollastri/cipi | eq | 3.1.15 |