Cross-Site Scripting Vulnerability in ThingsBoard by Thingsboard
CVE-2021-42750
4.8MEDIUM
What is CVE-2021-42750?
A cross-site scripting (XSS) vulnerability exists within the Rule Engine of ThingsBoard 3.3.1. This flaw allows remote attackers, who possess administrative privileges, to inject arbitrary JavaScript code into the title of a rule node. If exploited, this vulnerability can enable attackers to execute malicious scripts in the context of an authenticated user's session, potentially compromising user data and security. It is critical for users to ensure their installations are updated to avoid this risk.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
References
CVSS V3.1
Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved