PT-2022-11677 · Unknown · Thingsboard

Published: 2022-08-12 · Updated: 2022-08-15 · CVE-2021-42750

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: ThingsBoard version 3.3.1

Description: A cross-site scripting (XSS) issue in the Rule Engine of ThingsBoard allows remote attackers with administrative access to inject arbitrary JavaScript within the title of a rule node.

Recommendations: To prevent exploitation of the XSS vulnerability in ThingsBoard version 3.3.1, consider disabling the Rule Engine or restricting access to it until a patch is available.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2021-42750

Affected Products

Thingsboard