CVE-2021-25988 Information

Description

In “ifme” versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability (notifications section) which can be directly triggered by sending an ally request to the admin.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

https://github.com/ifmeorg/ifme/commit/720a47015e46ad387b3219fed7ebfb14ec3c854c https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25988

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

5.4