CVE-2021-44217
N/A
N/A
Summary
In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://codechecker-demo.eastus.cloudapp.azure.com/
- https://user-images.githubusercontent.com/9525971/142965091-e118b012-a7fc-4c2f-ad0c-80aeed6f7ec9.png
- https://github.com/Ericsson/codechecker/releases
- https://github.com/Hyperkopite/CVE-2021-44217/blob/main/README.md
- https://github.com/Ericsson/codechecker/pull/3549
References
- https://codechecker-demo.eastus.cloudapp.azure.com/
- https://user-images.githubusercontent.com/9525971/142965091-e118b012-a7fc-4c2f-ad0c-80aeed6f7ec9.png
- https://github.com/Ericsson/codechecker/releases
- https://github.com/Hyperkopite/CVE-2021-44217/blob/main/README.md
- https://github.com/Ericsson/codechecker/pull/3549
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.