Vulnerability Details CVE-2021-41317
XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://docs.google.com/document/d/12rq4YIFZLSmZlEsq7d7hYCI1qO5xyIxA1Wrs1m4y9-4/preview
- https://github.com/mandatoryprogrammer/xsshunter-express/commit/56bb44ed9024849f64173f71583ecb7d873baba0
- https://vuln.ryotak.me/advisories/57
- https://docs.google.com/document/d/12rq4YIFZLSmZlEsq7d7hYCI1qO5xyIxA1Wrs1m4y9-4/preview
- https://github.com/mandatoryprogrammer/xsshunter-express/commit/56bb44ed9024849f64173f71583ecb7d873baba0
- https://vuln.ryotak.me/advisories/57
Products affected by CVE-2021-41317
-
cpe:2.3:a:xss_hunter_express_project:xss_hunter_express:*