CVE-2021-25647 Information

Description

Mobile application "Testes de Codigo" v11.3 and prior allows stored XSS by injecting a payload in the "feedback" message field causing it to be stored in the remote database and leading to its execution on client devices when loading the "feedback list" either by accessing the website directly or using the mobile application.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

https://vrls.ws/posts/2021/01/cve-2021-25647-mobile-application-testes-de-codigo-stored-xss/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

5.4

Base Severity

MEDIUM
