exploitDog

CVE-2021-43440

Опубликовано: 20 дек. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 allow remote attackers to execute arbitrary code via signup form in the Name and Phone number field.

Ссылки

https://github.com/MartDevelopers-Inc/Order_Processing_MIS
Third Party Advisory
https://medium.com/%40mayhem7999/cve-2021-43439-d04781bca6ce
https://github.com/MartDevelopers-Inc/Order_Processing_MIS
Third Party Advisory
https://medium.com/%40mayhem7999/cve-2021-43439-d04781bca6ce

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:iorder_project:iorder:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00547

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-6hp7-c3wr-r2xv

github

около 4 лет назад

Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 allow remote attackers to execute arbitrary code via signup form in the Name and Phone number field.

EPSS

Процентиль: 67%

0.00547

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79