Mobile application "Testes de Codigo" v11.3 and prior allows stored XSS by injecting a payload in the "feedback" message field causing it to be stored in the remote database and leading to its execution on client devices when loading the "feedback list", either by accessing the website directly or using the mobile application.
References
Link | Resource |
---|---|
https://vrls.ws/posts/2021/01/cve-2021-25647-mobile-application-testes-de-codigo-stored-xss/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-01-28T18:49:44
Updated: 2021-01-28T18:49:44
Reserved: 2021-01-21T00:00:00
Link: CVE-2021-25647
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-01-28T19:15:13.473
Modified: 2021-02-03T15:20:45.617
Link: CVE-2021-25647
JSON object: View
Redhat Information
No data.
CWE