Vulnerability Details CVE-2021-37211
The bulletin function of Flygo does not filter special characters while a new announcement is added. Remoter attackers can use the vulnerability with general user’s credential to inject JavaScript and execute stored XSS attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.0%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References