cvelist / Twcert / CVELIST:CVE-2021-37211
Aug 09, 2021 - 9:15 a.m.

CVE-2021-37211 Larvata Digital Technology Co. Ltd. FLYGO - Stored XSS

2021-08-09 09:15:25
CWE-79
twcert
www.cve.org
cve-2021-37211
larvata digital technology co. ltd.
flygo
stored xss
javascript
vulnerability

CVSS3: 5.4

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001
Percentile: 22.7%

The bulletin function of Flygo does not filter special characters when a new announcement is added. Remote attackers can use the vulnerability with a general user's credentials to inject JavaScript and execute stored XSS attacks.

CNA Affected

[
  {
    "product": "FLYGO",
    "vendor": "Larvata Digital Technology Co. Ltd.",
    "versions": [
      {
        "lessThanOrEqual": "2021.4e",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
