CVE-2021-36381

Sažetak

In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user's browser via logon.jsp?logon_error= on the login screen of the Web application.

Reference

https://www.edifecs.com/services/managed-services/
https://gist.github.com/rvismit/c2da674254f53c40d3a9eb3896277ebc

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

14-07-2021 - 19:45

Objavljeno

12-07-2021 - 16:15