Vulnerability Details CVE-2021-25990
In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.1%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://github.com/ifmeorg/ifme/commit/83fd44ef8921a8dcf394a012e44901ab08596bdc
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25990
- https://github.com/ifmeorg/ifme/commit/83fd44ef8921a8dcf394a012e44901ab08596bdc
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25990
Products affected by CVE-2021-25990
-
cpe:2.3:a:if-me:ifme:7.22.0
-
cpe:2.3:a:if-me:ifme:7.22.1
-
cpe:2.3:a:if-me:ifme:7.22.2
-
cpe:2.3:a:if-me:ifme:7.22.3
-
cpe:2.3:a:if-me:ifme:7.22.4
-
cpe:2.3:a:if-me:ifme:7.22.5
-
cpe:2.3:a:if-me:ifme:7.23.0
-
cpe:2.3:a:if-me:ifme:7.23.1
-
cpe:2.3:a:if-me:ifme:7.24.0
-
cpe:2.3:a:if-me:ifme:7.24.1
-
cpe:2.3:a:if-me:ifme:7.24.2
-
cpe:2.3:a:if-me:ifme:7.24.3
-
cpe:2.3:a:if-me:ifme:7.24.4
-
cpe:2.3:a:if-me:ifme:7.24.5
-
cpe:2.3:a:if-me:ifme:7.24.6
-
cpe:2.3:a:if-me:ifme:7.24.7
-
cpe:2.3:a:if-me:ifme:7.24.8
-
cpe:2.3:a:if-me:ifme:7.24.9
-
cpe:2.3:a:if-me:ifme:7.25.0
-
cpe:2.3:a:if-me:ifme:7.25.1
-
cpe:2.3:a:if-me:ifme:7.25.2
-
cpe:2.3:a:if-me:ifme:7.25.3
-
cpe:2.3:a:if-me:ifme:7.25.4
-
cpe:2.3:a:if-me:ifme:7.26.0
-
cpe:2.3:a:if-me:ifme:7.26.1
-
cpe:2.3:a:if-me:ifme:7.26.2
-
cpe:2.3:a:if-me:ifme:7.26.3
-
cpe:2.3:a:if-me:ifme:7.27.0
-
cpe:2.3:a:if-me:ifme:7.27.1
-
cpe:2.3:a:if-me:ifme:7.28.0
-
cpe:2.3:a:if-me:ifme:7.29.0
-
cpe:2.3:a:if-me:ifme:7.29.1
-
cpe:2.3:a:if-me:ifme:7.29.2
-
cpe:2.3:a:if-me:ifme:7.29.3
-
cpe:2.3:a:if-me:ifme:7.29.4
-
cpe:2.3:a:if-me:ifme:7.30.0
-
cpe:2.3:a:if-me:ifme:7.30.1
-
cpe:2.3:a:if-me:ifme:7.30.10
-
cpe:2.3:a:if-me:ifme:7.30.11
-
cpe:2.3:a:if-me:ifme:7.30.12
-
cpe:2.3:a:if-me:ifme:7.30.13
-
cpe:2.3:a:if-me:ifme:7.30.2
-
cpe:2.3:a:if-me:ifme:7.30.3
-
cpe:2.3:a:if-me:ifme:7.30.4
-
cpe:2.3:a:if-me:ifme:7.30.5
-
cpe:2.3:a:if-me:ifme:7.30.6
-
cpe:2.3:a:if-me:ifme:7.30.7
-
cpe:2.3:a:if-me:ifme:7.30.8
-
cpe:2.3:a:if-me:ifme:7.30.9
-
cpe:2.3:a:if-me:ifme:7.31.0
-
cpe:2.3:a:if-me:ifme:7.31.1
-
cpe:2.3:a:if-me:ifme:7.31.2
-
cpe:2.3:a:if-me:ifme:7.31.3
-
cpe:2.3:a:if-me:ifme:7.31.4