CVE-2021-32092

2021-05-0703:52:18

mitre

www.cve.org

cross-site scripting

documentaction

u.s. national security agency

emissary 5.9.0

remote attackers

EPSS

0.001

Percentile

46.8%

JSON

A Cross-site scripting (XSS) vulnerability in the DocumentAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the uuid parameter.

References

blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed

portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover

EPSS

0.001

Percentile

46.8%

JSON

Related for CVELIST:CVE-2021-32092