A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken parameter of multiple methods in the Simple HTTP API. This is resolved in 5.9.1 and 5.10.
References
| Link | Resource |
|---|---|
| https://support.cloverdx.com/releases/ | Release Notes, Vendor Advisory |
| https://support1.cloverdx.com/hc/en-us/articles/360021006520 | Patch, Vendor Advisory |
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-06-09T14:33:39
Updated: 2021-06-09T14:33:39
Reserved: 2021-04-05T00:00:00
Link: CVE-2021-30133
NVD Information
Status: Analyzed
Published: 2021-06-09T15:15:08.540
Modified: 2021-06-10T20:19:57.280
Link: CVE-2021-30133