CVE-2021-27945

The Squirro Insights Engine was affected by a Reflected Cross-Site Scripting (XSS) vulnerability affecting versions 2.0.0 up to and including 3.2.4. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of any user who views the relevant application content. The attacker-supplied code can perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, and logging their keystrokes.
Configurations

Configuration 1 (hide)

cpe:2.3:a:squirro:squirro:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-04-08 17:15

Updated : 2024-02-28 18:28


NVD link : CVE-2021-27945

Mitre link : CVE-2021-27945

CVE.ORG link : CVE-2021-27945


JSON object : View

Products Affected

squirro

  • squirro
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')