CVE-2021-25647

Name of the Vulnerable Software and Affected Versions Testes de Codigo versions prior to 11.3

Description The issue allows stored XSS by injecting a payload in the feedback message field, causing it to be stored in the remote database and leading to its execution on client devices when loading the "feedback list", either by accessing the website directly or using the mobile application.

Recommendations For versions prior to 11.3, as a temporary workaround, consider disabling the feedback functionality until a patch is available. Restrict access to the "feedback list" to minimize the risk of exploitation. Avoid using the feedback message field in the affected application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.