Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-5wrp-j382-mvjv

Опубликовано: 24 мая 2022
Источник: github
Github: Не прошло ревью

Описание

Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which allows an authenticated (or compromised) user to inject malicious JavaScript in folder/file name within the application in order to grab other users’ sessions or execute malicious code in their browsers (1-click RCE).

Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which allows an authenticated (or compromised) user to inject malicious JavaScript in folder/file name within the application in order to grab other users’ sessions or execute malicious code in their browsers (1-click RCE).

Ссылки

EPSS

Процентиль: 40%
0.00181
Низкий

CVE ID

CVE-2021-27930

Дефекты

CWE-79

Связанные уязвимости

nvd логотип

CVE-2021-27930

CVSS3: 5.4
nvd
больше 4 лет назад

Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which allows an authenticated (or compromised) user to inject malicious JavaScript in folder/file name within the application in order to grab other users’ sessions or execute malicious code in their browsers (1-click RCE).

EPSS

Процентиль: 40%
0.00181
Низкий

CVE ID

CVE-2021-27930

Дефекты

CWE-79