CVE-2021-38695

Опубликовано: 18 янв. 2022

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

SoftVibe SARABAN for INFOMA 1.1 is vulnerable to stored cross-site scripting (XSS) that allows users to store scripts in certain fields (e.g. subject, description) of the document form.

Ссылки

http://www.infoma.net/index.php/saraban/
Product
https://orangeo.tech/post/2021/12/24/First-CVEs.html
Exploit
Third Party Advisory
URL Repurposed
https://play.google.com/store/apps/details?id=th.co.softvibe.saraban&hl=en&gl=US
Product
https://sawatdee.github.io/post/2021/12/24/First-CVEs.html
Exploit
Third Party Advisory
http://www.infoma.net/index.php/saraban/
Product
https://orangeo.tech/post/2021/12/24/First-CVEs.html
Exploit
Third Party Advisory
URL Repurposed
https://play.google.com/store/apps/details?id=th.co.softvibe.saraban&hl=en&gl=US
Product
https://sawatdee.github.io/post/2021/12/24/First-CVEs.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:softvibe:saraban:1.1:*:*:*:*:infoma:*:*

EPSS

Процентиль: 49%

0.00259

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-4qv9-67wq-cv7g