RSS   Vulnerabilities for 'IFME'   RSS

2021-12-29
 
CVE-2021-25988

CWE-79
 

 
In �??ifme�?�, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability (notifications section) which can be directly triggered by sending an ally request to the admin.

 
 
CVE-2021-25989

CWE-79
 

 
In �??ifme�?�, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability in the markdown editor. It can be exploited by making a victim a Leader of a group which triggers the payload for them.

 
 
CVE-2021-25990

CWE-79
 

 
In �??ifme�?�, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe.

 


Copyright 2024, cxsecurity.com

 

Back to Top