PT-2021-21960 · Onenav · Onenav
Alex123-2Star · Published 2021-08-05 · Updated 2022-09-28 · CVE-2021-38138
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
OneNav beta version 0.9.12
Description:
The issue allows for XSS via the Add Link feature. The vendor has stated that there is intentionally no XSS protection at present, as the attack risk is largely limited to a compromised account. However, XSS protection is planned for a future release.
Recommendations:
For OneNav beta version 0.9.12, consider disabling the Add Link feature until XSS protection is implemented in a future release.
Exploit · Fix · XSS
Affected Products:
Onenav