CVE-2021-3395
[Suggested description]
A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows remote authenticated users to upload an arbitrary file. JavaScript code in the uploaded file executes when someone visits the attachment.
[Vulnerability Type]
Cross Site Scripting (XSS)
[Vendor of Product]
OOO Tekhnologii zashchity
[Affected Product Code Base]
PRYANIKY - 6.44.3
[Attack Type]
Remote
[Attack Vectors]
To exploit this vulnerability, someone must open a crafted HTML file.
[Has vendor confirmed or acknowledged the vulnerability?]
true
[Discoverer]
Irina Belyaeva (Jet Infosystems, jet.su), Maria Kononova (Jet Infosystems, jet.su)
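
[Added example: mitigation for the attachment vector]
The following is an added example, not code from this advisory or from the vendor, and it does not describe the vendor's fix. It shows one common server-side control for this bug class: choosing response headers so that an uploaded HTML file is downloaded rather than rendered in the application's origin. The function name `attachment_headers` and the inline allow-list are assumptions.

```python
import os
import re
from urllib.parse import quote

# Assumed allow-list: the only extensions served inline, with a fixed type.
# Everything else (HTML, SVG, XML, unknown) is forced to download.
INLINE_SAFE = {
    ".png": "image/png",
    ".jpg": "image/jpeg",
    ".jpeg": "image/jpeg",
    ".gif": "image/gif",
    ".txt": "text/plain",
}


def attachment_headers(filename: str) -> dict:
    """Response headers for serving a user-uploaded file back to other users."""
    # Keep only the base name and drop control characters, so a crafted
    # file name cannot inject extra header lines or path components.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    name = re.sub(r"[\x00-\x1f\x7f]", "", name) or "download"
    ext = os.path.splitext(name)[1].lower()
    inline_type = INLINE_SAFE.get(ext)
    # The type comes from the allow-list, never from the uploader's request.
    content_type = inline_type or "application/octet-stream"
    mode = "inline" if inline_type else "attachment"
    # ASCII fallback plus RFC 5987 filename* for the original name.
    fallback = re.sub(r"[^A-Za-z0-9._-]", "_", name)
    disposition = "{}; filename=\"{}\"; filename*=UTF-8''{}".format(
        mode, fallback, quote(name, safe=""))
    return {
        "Content-Type": content_type,
        "Content-Disposition": disposition,
        # Stop the browser from sniffing an image or text file into HTML.
        "X-Content-Type-Options": "nosniff",
        # If the response is rendered anyway, scripts stay disabled.
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }
```

Serving uploads from a separate origin that holds no session cookies complements these headers.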