Reflected XSS Vulnerability in OpenSIS Community Edition by OS4ED
CVE-2021-27340

6.1MEDIUM

Key Information:

Vendor

Os4ed

Status
Opensis
Vendor
CVE Published:
16 September 2021

What is CVE-2021-27340?

The OpenSIS Community Edition is prone to a reflected XSS vulnerability found in the EmailCheck.php file, which can be exploited through the 'opt' parameter. This flaw allows an attacker to inject malicious scripts into web pages viewed by other users, potentially compromising sensitive user data. It's essential to apply the appropriate patches or updates to mitigate the risks associated with this vulnerability.

References

https://github.com/OS4ED/openSIS-Classic/issues/158
x_refsource_MISC
https://github.com/OS4ED/openSIS-Classic/releases
x_refsource_MISC
https://github.com/OS4ED/openSIS-Classic/commit/f78407d52...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.