CVE-2021-25647

{"id": "CVE-2021-25647", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2021-01-28T19:15:13.473", "references": [{"url": "https://vrls.ws/posts/2021/01/cve-2021-25647-mobile-application-testes-de-codigo-stored-xss/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://vrls.ws/posts/2021/01/cve-2021-25647-mobile-application-testes-de-codigo-stored-xss/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Mobile application \"Testes de Codigo\" v11.3 and prior allows stored XSS by injecting a payload in the \"feedback\" message field causing it to be stored in the remote database and leading to its execution on client devices when loading the \"feedback list\", either by accessing the website directly or using the mobile application."}, {"lang": "es", "value": "La aplicaci\u00f3n m\u00f3vil \"Testes de Codigo\" versi\u00f3n v11.3 y anteriores, permite almacenar XSS inyectando una carga \u00fatil en el campo de mensaje \"feedback\", causando que se almacene en la base de datos remota y conlleve a su ejecuci\u00f3n en los dispositivos cliente cuando se carga la \"feedback list\" , ya sea accediendo directamente al sitio web o usando la aplicaci\u00f3n m\u00f3vil"}], "lastModified": "2024-11-21T05:55:12.637", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:testes-codigo:testes_de_codigo:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C09968A-EFD6-4B7F-8E03-A080D4ECCF1D", "versionEndIncluding": "11.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}