Cross Site Scripting Vulnerability in Priority Enterprise Management System
CVE-2021-26832

6.1MEDIUM

Key Information:

Vendor: Priority-software
Status: Priority Enterprise Management System
Vendor: CVE Published:; 14 April 2021

🔔 Create Priority-software Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2021-26832?

A Cross Site Scripting vulnerability exists in the 'Reset Password' page of Priority Enterprise Management System v8.00, allowing attackers to craft malicious URLs that can execute JavaScript in the context of a victim's browser. By directing users to these malicious links, attackers can manipulate user sessions or extract sensitive data. Organizations using this software must ensure timely updates and user awareness to mitigate such risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-26832
Created by NagliNagli

References

https://github.com/NagliNagli/CVE-2021-26832

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2021
🟡
Public PoC available
Apr 13, 2021
👾
Exploit known to exist
Apr 13, 2021
Vulnerability Reserved
Feb 5, 2021

JSON

Priority-software