exploitDog

CVE-2021-41918

Опубликовано: 08 окт. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the platform users and administrators. The issue affects every endpoint on the application because it is related on how each URL is echoed back on every response page.

Ссылки

https://n4nj0.github.io/advisories/webtareas-multiple-vulnerabilities-i/
Exploit
Third Party Advisory
https://n4nj0.github.io/advisories/webtareas-multiple-vulnerabilities-i/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:webtareas_project:webtareas:*:*:*:*:*:*:*:*

Версия до 2.4 (включая)

EPSS

Процентиль: 55%

0.00324

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-p8qp-hj8r-xc3j

github

больше 3 лет назад

webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the platform users and administrators. The issue affects every endpoint on the application because it is related on how each URL is echoed back on every response page.

EPSS

Процентиль: 55%

0.00324

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79