Skip to content

jet-pentest/CVE-2021-3395

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 

CVE-2021-3395

[Suggested description]

A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows remote authenticated users to upload an arbitrary file. The JavaScript code will execute when someone visits the attachment.

[Vulnerability Type]

Cross Site Scripting (XSS)

[Vendor of Product]

OOO Tekhnologii zashchity

[Affected Product Code Base]

PRYANIKY - 6.44.3

[Attack Type]

Remote

[Attack Vectors]

To exploit this vulnerability someone must open a crafted HTML file.

[Has vendor confirmed or acknowledged the vulnerability?] true

true

[Discoverer]

Irina Belyaeva (Jet Infosystems, jet.su), Maria Kononova (Jet Infosystems, jet.su)

[Reference]

https://pryaniky.com/en/

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published