admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2021-25969

Browse Source 
After coordinating with NVD about the Privileges Required metric, it was agreed that the public description should reflect that the attacker is unauthenticated, so NVD could properly modify their score.
Committed by: Hagai Wechsler
This commit is contained in:
hagaiwech 2021-11-24 16:02:48 +02:00 committed by GitHub
parent 9c3b3a47c2
commit d7a89201bc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
2021/25xxx/CVE-2021-25969.json
View File

@ -40,7 +40,7 @@
"description_data": [
{
"lang": "eng",
"value": "In \u201cCamaleon CMS\u201d application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows unprivileged application users to store malicious scripts in the comments section of the post. These scripts are executed in a victim\u2019s browser when they open the page containing the malicious comment."
"value": "In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows an unauthenticated attacker to store malicious scripts in the comments section of the post. These scripts are executed in a victim\u2019s browser when they open the page containing the malicious comment."
}
]
},
@ -99,4 +99,4 @@
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
}
}
}