CVE-2021-32853

Опубликовано: 20 фев. 2023

Источник: nvd

CVSS3: 6.1

CVSS3: 9.6

EPSS Высокий

Описание

Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from malicious web site. There are no known patches.

Ссылки

https://github.com/erxes/erxes/blob/f131b49add72032650d483f044d00658908aaf4a/widgets/server/index.ts#L54
Exploit
Issue Tracking
https://github.com/erxes/erxes/blob/f131b49add72032650d483f044d00658908aaf4a/widgets/server/views/widget.ejs#L14
Exploit
Issue Tracking
https://securitylab.github.com/advisories/GHSL-2021-103-erxes/
Exploit
Third Party Advisory
https://github.com/erxes/erxes/blob/f131b49add72032650d483f044d00658908aaf4a/widgets/server/index.ts#L54
Exploit
Issue Tracking
https://github.com/erxes/erxes/blob/f131b49add72032650d483f044d00658908aaf4a/widgets/server/views/widget.ejs#L14
Exploit
Issue Tracking
https://securitylab.github.com/advisories/GHSL-2021-103-erxes/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:erxes:erxes:*:*:*:*:*:*:*:*

Версия до 0.22.3 (исключая)

EPSS

Процентиль: 99%

0.85495

Высокий

6.1 Medium

CVSS3

9.6 Critical

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-g9ph-r9hc-34r8

CVSS3: 6.1

github

почти 3 года назад

Erxes vulnerable to Cross-site Scripting

EPSS

Процентиль: 99%

0.85495

Высокий

6.1 Medium

CVSS3

9.6 Critical

CVSS3

Дефекты

CWE-79