Vulnerability Details CVE-2021-38157
LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.9%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://dgccpa.com
- https://gist.github.com/erud1te-sec/5c85924cb78ba85af42e0b7b62a5ec91
- https://leostream.com
- https://www.leostream.com/resources-2/product-lifecycle/
- https://dgccpa.com
- https://gist.github.com/erud1te-sec/5c85924cb78ba85af42e0b7b62a5ec91
- https://leostream.com
- https://www.leostream.com/resources-2/product-lifecycle/
Products affected by CVE-2021-38157
-
cpe:2.3:a:leostream:connection_broker:9.0.10
-
cpe:2.3:a:leostream:connection_broker:9.0.3
-
cpe:2.3:a:leostream:connection_broker:9.0.34