Vulnerability Details CVE-2021-42750
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the title of a rule node.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 72.2%
CVSS Severity
CVSS v3 Score 4.8
References
Products affected by CVE-2021-42750
-
cpe:2.3:a:thingsboard:thingsboard:3.3.1