Lucene search
SnykCVELIST:CVE-2021-23673HistoryNov 22, 2021 - 5:00 p.m.
CVE-2021-23673 Cross-site Scripting (XSS)
2021-11-2217:00:22
snyk
www.cve.org
4
cve-2021-23673
cross-site scripting
pekeupload
file upload
javascript code
security vulnerability
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
EPSS
0.001
Percentile
40.8%
This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed.
CNA Affected
[
{
"product": "pekeupload",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
prion
prion
Design/Logic Flaw
2021-11-22 17:15:00
cnvd
cnvd
pekeUpload cross-site scripting vulnerability
2021-11-04 00:00:00
osv
osv
Cross-site Scripting in pekeupload
2021-12-02 17:52:26
cve
cve
CVE-2021-23673
2021-11-22 17:15:08
veracode
veracode
Cross-site Scripting (XSS)
2021-11-23 03:58:17
github
github
Cross-site Scripting in pekeupload
2021-12-02 17:52:26
nvd
nvd
CVE-2021-23673
2021-11-22 17:15:08
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
EPSS
0.001
Percentile
40.8%
Related for CVELIST:CVE-2021-23673