Mend Vulnerability Database
Date: November 16, 2021
PoC Details
In a normal window, log in at http://localhost:3000 as an administrator. Then go to http://localhost:3000/dashboard/posts/forumTopic, create a sample forum topic “topicbyadmin” and update it.
Open the application in an incognito window at http://localhost:3000 and sign up with a new account. Go to the discussion “topicbyadmin” and, in the comments section, add the payload given below.
In the administrator session, browse the discussion section and click on the “topicbyadmin” thread. Refresh the page. A popup will appear.
Affected Environments
1.3.3 to 1.8.30
Good to know:
No fix version available
|Attack Vector (AV):|Network|
|Attack Complexity (AC):|Low|
|Privileges Required (PR):|None|
|User Interaction (UI):|Required|
|Access Vector (AV):|Network|
|Access Complexity (AC):|Medium|