Lucene search

INCIBECVELIST:CVE-2021-3834

HistoryOct 07, 2021 - 3:14 p.m.

CVE-2021-3834 Integria IMS vulnerable to Cross Site Scripting (XSS)

2021-10-0715:14:35

CWE-79

INCIBE

www.cve.org

integria ims

cross site scripting

xss

vulnerability

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

36.2%

JSON

Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS).

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Integria IMS",
    "vendor": "Ártica",
    "versions": [
      {
        "status": "affected",
        "version": "5.0.92"
      }
    ]
  }
]

References

integriaims.com/en/services/updates/

www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-vulnerable-cross-site-scripting-xss

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

36.2%

JSON

Related for CVELIST:CVE-2021-3834