CVE-2021-3395

Name of the Vulnerable Software and Affected Versions: Pryaniki version 6.44.3

Description: A cross-site scripting (XSS) issue allows remote authenticated users to upload an arbitrary file. The JavaScript code will execute when someone visits the attachment.

Recommendations: For Pryaniki version 6.44.3, consider disabling the file upload feature until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to attachments to minimize the risk of JavaScript code execution. Avoid using the affected version for uploading or accessing files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.