CVE-2021-47841

Sažetak

SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs.

Reference

https://github.com/gurayyarar/SnipCommand
https://imgur.com/a/I2reH1M
https://www.exploit-db.com/exploits/49829
https://www.vulncheck.com/advisories/snipcommand-persistent-cross-site-scripting
https://www.vulncheck.com/advisories/snipcommand-persistent-cross-site-scripting

CVSS

Base:	6.1
Impact:	2.7
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

26-01-2026 - 15:05

Objavljeno

16-01-2026 - 19:16