CVE-2021-31794
Description
Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header.
Vulnerability Type
Cross Site Scripting (XSS)
Vendor of Product
Directum
Affected Product Code Base
Directum - 5.8.2
Affected Component
Settings.aspx?view=About, User-Agent header
Attack Type
Remote
CVE Impact Other
Content spoofing, execution of JS code in the user's browser
Attack Vectors
The payload (HTML tags, JS code) is passed in the User-Agent header while visiting the "Settings.aspx?view=About" page, where the header value is reflected into the rendered HTML without encoding.
Reference
https://www.directum.ru/
https://github.com/awillix/research/blob/main/cve/CVE-2021-31794.md
Discoverer
Pavel Parkhomets