CVE-2021-3151
Summary
| CVE | CVE-2021-3151 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-02-27 05:15:00 UTC |
| Updated | 2021-06-03 16:35:00 UTC |
| Description | i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__MONITORING__CONFIG__ADDRESS, or SM2__C__MONITORING__CONFIG__ADDRESS. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| wizlynx group | Stored Cross-Site Scripting (XSS) Vulnerability in i-doit 1.15.2 | MISC | www.wizlynxgroup.com | Exploit, Vendor Advisory |
| i-doit 1.15.2 Cross Site Scripting ≈ Packet Storm | MISC | packetstormsecurity.com | |
| i-doit Open News - CMDB & IT Documentation Blog | MISC | www.i-doit.org | Release Notes, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.