Description
Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which allows an authenticated (or compromised) user to inject malicious JavaScript in folder/file name within the application in order to grab other users’ sessions or execute malicious code in their browsers (1-click RCE).
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2021-14650 | Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which allows an authenticated (or compromised) user to inject malicious JavaScript in folder/file name within the application in order to grab other users’ sessions or execute malicious code in their browsers (1-click RCE). |
References
History
No history.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-03T21:33:16.999Z
Reserved: 2021-03-03T00:00:00.000Z
Link: CVE-2021-27930
No data.
Status : Modified
Published: 2021-07-06T12:15:18.653
Modified: 2026-06-17T03:45:38.067
Link: CVE-2021-27930
No data.
OpenCVE Enrichment
No data.
Weaknesses
EUVD