Erxes vulnerable to Cross-site Scripting
CVE-2021-32853

6.1MEDIUM

Key Information:

Vendor: Npm
Status: Erxes
Vendor: CVE Published:; 20 February 2023

What is CVE-2021-32853?

Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from malicious web site. There are no known patches.

Affected Version(s)

erxes 0.22.3

References

https://securitylab.github.com/advisories/GHSL-2021-103-e...

https://github.com/erxes/erxes/blob/f131b49add72032650d48...

EPSS Score

84% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 20, 2023
Vulnerability Reserved
May 12, 2021

CVE-2021-32853 Data

JSON