Vulnerability Details CVE-2021-28048
An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 36.5%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
Products affected by CVE-2021-28048
-
cpe:2.3:a:devolutions:devolutions_server:-