PT-2023-12191 · Baremetrics · Baremetrics Date Range Picker

Erik Krogh Kristensen

Publicado

2023-02-20

Atualizado

2023-03-02

CVE-2021-32859

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Baremetrics date range picker versions 1.0.14 and prior

Description The issue is related to cross-site scripting (XSS) when handling untrusted placeholder entries. An attacker who can influence the placeholder field when creating a Calendar instance can supply arbitrary html or javascript that will be rendered in the context of a user, leading to XSS.

Recommendations For versions 1.0.14 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2021-32859

GHSA-465F-MXXH-GRC4

Produtos afetados

Baremetrics Date Range Picker

PT-2023-12191 · Baremetrics · Baremetrics Date Range Picker

CVE-2021-32859

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7