CVE-2021-3124

Name of the Vulnerable Software and Affected Versions Custom Global Variables version 1.0.5

Description The issue allows a remote attacker to inject arbitrary code via the vars[0][name] field, which is a form field in the Custom Global Variables product by robust.systems. This is a case of stored cross-site scripting (XSS).

Recommendations For version 1.0.5, consider disabling the form field that allows input for vars[0][name] until a patch is available to prevent the injection of arbitrary code. Restrict access to this field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.