PT-2022-11718 · Unknown · Pixelimity

Published: 2022-03-31 · Updated: 2022-04-07 · CVE-2021-42866

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Pixelimity version 1.0

Description

A Cross Site Scripting issue exists in the software via the Site Description field in the "pixelimity/admin/setting.php" endpoint.

Recommendations

For Pixelimity version 1.0, consider disabling the Site Description field in the "pixelimity/admin/setting.php" endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the Site Description field in this endpoint until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-42866

Affected Products

Pixelimity