PT-2021-20140 · Foris · Foris

Niklas Volcz

Published

2021-01-29

Updated

2021-02-02

CVE-2021-3346

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Foris versions prior to 101.1.1

Description The issue is related to a lack of certain HTML escaping in the login template. This could potentially lead to security issues, but specific details about exploitation or affected devices are not provided.

Recommendations For versions prior to 101.1.1, update to version 101.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the login template until the update is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-3346

Affected Products

Foris

PT-2021-20140 · Foris · Foris

CVE-2021-3346

Related Identifiers

Affected Products

References · 6