Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from malicious web site. There are no known patches.
References
Link | Resource |
---|---|
https://github.com/erxes/erxes/blob/f131b49add72032650d483f044d00658908aaf4a/widgets/server/index.ts#L54 | Exploit Issue Tracking |
https://github.com/erxes/erxes/blob/f131b49add72032650d483f044d00658908aaf4a/widgets/server/views/widget.ejs#L14 | Exploit Issue Tracking |
https://securitylab.github.com/advisories/GHSL-2021-103-erxes/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-02-20T00:00:00
Updated: 2023-03-06T00:00:00
Reserved: 2021-05-12T00:00:00
Link: CVE-2021-32853
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-02-20T23:15:12.133
Modified: 2023-03-02T15:56:09.717
Link: CVE-2021-32853
JSON object: View
Redhat Information
No data.
CWE