CVE-2021-25647 — MEDIUM (5.4)

Q: How severe is CVE-2021-25647?

CVE-2021-25647 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-25647?

Check the references section above for vendor advisories and patch information. Affected products include: Testes-Codigo Testes De Codigo.

Vulnerability Description

Mobile application "Testes de Codigo" v11.3 and prior allows stored XSS by injecting a payload in the "feedback" message field causing it to be stored in the remote database and leading to its execution on client devices when loading the "feedback list", either by accessing the website directly or using the mobile application.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Testes-Codigo	Testes De Codigo	<= 11.3

Related Weaknesses (CWE)

CWE-79

References

https://vrls.ws/posts/2021/01/cve-2021-25647-mobile-application-testes-de-codigoThird Party Advisory
https://vrls.ws/posts/2021/01/cve-2021-25647-mobile-application-testes-de-codigoThird Party Advisory

FAQ

What is CVE-2021-25647?

CVE-2021-25647 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Mobile application "Testes de Codigo" v11.3 and prior allows stored XSS by injecting a payload in the "feedback" message field causing it to be stored in the remote database and leading to its executi...

How severe is CVE-2021-25647?

CVE-2021-25647 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-25647?

Check the references section above for vendor advisories and patch information. Affected products include: Testes-Codigo Testes De Codigo.