CVE-2021-27564

{"id": "CVE-2021-27564", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2021-02-22T17:15:12.847", "references": [{"url": "https://github.com/viperbluff/Appspace-Ver-6.2.4-Stored-Xss", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/viperbluff/Appspace-Ver-6.2.4-Stored-Xss", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A stored XSS issue exists in Appspace 6.2.4. After a user is authenticated and enters an XSS payload under the groups section of the network tab, it is stored as the group name. Whenever another member visits that group, this payload executes."}, {"lang": "es", "value": "Se presenta un problema de tipo XSS almacenado en Appspace versi\u00f3n 6.2.4. Despu\u00e9s de que un usuario se autentique e introduzca una carga \u00fatil XSS en la secci\u00f3n de grupos de la pesta\u00f1a de red, es almacenada como el nombre del grupo. Cada vez que otro miembro visita ese grupo, esta carga \u00fatil es ejecutada"}], "lastModified": "2024-11-21T05:58:12.023", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:appspace:appspace:6.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AD7EBEE-1FA6-4C7D-ACE7-B3D7D62373EB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}