exploitDog

CVE-2021-40888

Опубликовано: 11 окт. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echo output data in returnFilesIds() function. A low privilege user can call this function through process.php file and execute scripting code.

Ссылки

https://github.com/projectsend/projectsend/issues/995
Exploit
Third Party Advisory
https://github.com/projectsend/projectsend/releases/tag/r1295
Third Party Advisory
https://github.com/projectsend/projectsend/issues/995
Exploit
Third Party Advisory
https://github.com/projectsend/projectsend/releases/tag/r1295
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:projectsend:projectsend:r1295:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00281

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-353r-v23w-mmff

github

больше 3 лет назад

Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echo output data in returnFilesIds() function. A low privilege user can call this function through process.php file and execute scripting code.

EPSS

Процентиль: 51%

0.00281

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79