Skip to content

jet-pentest/CVE-2021-3395

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 

Repository files navigation

CVE-2021-3395

[Suggested description]

A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows remote authenticated users to upload an arbitrary file. The JavaScript code will execute when someone visits the attachment.

[Vulnerability Type]

Cross Site Scripting (XSS)

[Vendor of Product]

OOO Tekhnologii zashchity

[Affected Product Code Base]

PRYANIKY - 6.44.3

[Attack Type]

Remote

[Attack Vectors]

To exploit this vulnerability someone must open a crafted HTML file.

[Has vendor confirmed or acknowledged the vulnerability?] true

true

[Discoverer]

Irina Belyaeva (Jet Infosystems, jet.su), Maria Kononova (Jet Infosystems, jet.su)

[Reference]

https://pryaniky.com/en/

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published