CVE-2021-27930
5.4
CVSS:3.1/AC:L/AV:N/A:N/C:L/I:L/PR:L/S:C/UI:R
Summary
Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which allows an authenticated (or compromised) user to inject malicious JavaScript in folder/file name within the application in order to grab other users’ sessions or execute malicious code in their browsers (1-click RCE).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://varsnext.iriscorporate.com/history.html
- https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2021-27930.pdf
References
- https://varsnext.iriscorporate.com/history.html
- https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2021-27930.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.