exploitDog

CVE-2021-33853

Опубликовано: 16 мар. 2022

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

A Cross-Site Scripting (XSS) attack can cause arbitrary code (javascript) to run in a user’s browser while the browser is connected to a trusted website. As the vehicle for the attack, the application targets the users and not the application itself. Additionally, the XSS payload is executed when the user attempts to access any page of the CRM.

Ссылки

https://cybersecurityworks.com/zerodays/cve-2021-33853-stored-cross-site-scripting-in-x2crm.html
Exploit
Third Party Advisory
https://cybersecurityworks.com/zerodays/cve-2021-33853-stored-cross-site-scripting-in-x2crm.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:x2engine:x2crm:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00206

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-rw8w-376g-f5xw

CVSS3: 5.4

github

почти 4 года назад

A Cross-Site Scripting (XSS) attack can cause arbitrary code (javascript) to run in a user’s browser while the browser is connected to a trusted website. As the vehicle for the attack, the application targets the users and not the application itself. Additionally, the XSS payload is executed when the user attempts to access any page of the CRM.

EPSS

Процентиль: 43%

0.00206

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

CWE-79