CVE-2021-26549

Опубликовано: 09 фев. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to the AdminTool console is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site.

Ссылки

http://packetstormsecurity.com/files/161335/SmartFoxServer-2X-2.17.0-God-Mode-Console-WebSocket-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://www.smartfoxserver.com
Product
https://www.zeroscience.mk/en/vulnerabilities/
Exploit
Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5626.php
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/161335/SmartFoxServer-2X-2.17.0-God-Mode-Console-WebSocket-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://www.smartfoxserver.com
Product
https://www.zeroscience.mk/en/vulnerabilities/
Exploit
Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5626.php
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:smartfoxserver:smartfoxserver:2.17.0:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01432

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-g9m2-w2m7-c5ff