CVE-2021-25978

Published at:
2021-11-07T18:15:07.620
Source: [email protected]

Global infos:

Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed.

CVE Status: Modified

References:

  • [email protected]
  • af854a3a-2127-422b-91ae-364da2661108
    •

    Metrics:

    AttributeValue
    Attack ComplexityLOW
    Attack VectorNETWORK
    Availability ImpactNONE
    Base Score5.4
    Base SeverityMEDIUM
    Confidentiality ImpactLOW
    Integrity ImpactLOW
    Privileges RequiredLOW
    ScopeCHANGED
    User InteractionREQUIRED
    Vector StringCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
    Exploitability Score2.3
    Impact Score2.7
    Source[email protected]
    TypeSecondary

    Links:

    Exploit-db
    Github

    Most recherched CVEs
    Popular Keywords