PT-2021-16912 · Ifme · Ifme
Published
2021-12-29
·
Updated
2022-01-06
·
CVE-2021-25989
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
ifme versions 1.0.0 through 7.31.4
Description
The issue is related to a stored XSS vulnerability in the markdown editor. It can be exploited by making a victim a Leader of a group, which triggers the payload for them.
Recommendations
For versions 1.0.0 through 7.31.4, consider disabling the markdown editor until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to the group leadership feature to minimize the risk of triggering the payload.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ifme