CVE-2021-46355 Information

Description

OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit the vulnerability the attacker needs to manipulate the name of some device on your computer such as a printer replacing the device name with some malicious code that allows the execution of Stored Cross-site Scripting (XSS).

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

http://ocs.com https://medium.com/@windsormoreira/ocs-inventory-2-9-1-cross-site-scripting-xss-cve-2021-46355-a88d72606b7e

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

5.4