Vulnerability Description
In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability (notifications section) which can be directly triggered by sending an ally request to the admin.
CVSS Score
5.4
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| If-Me | Ifme | >= 1.0.0, <= 7.31.4 |
Related Weaknesses (CWE)
References
- https://github.com/ifmeorg/ifme/commit/720a47015e46ad387b3219fed7ebfb14ec3c854cPatchThird Party Advisory
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25988ExploitThird Party Advisory
- https://github.com/ifmeorg/ifme/commit/720a47015e46ad387b3219fed7ebfb14ec3c854cPatchThird Party Advisory
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25988ExploitThird Party Advisory
FAQ
What is CVE-2021-25988?
CVE-2021-25988 is a vulnerability with a CVSS score of 5.4 (MEDIUM). In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability (notifications section) which can be directly triggered by sending an ally request to the admin.
How severe is CVE-2021-25988?
CVE-2021-25988 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-25988?
Check the references section above for vendor advisories and patch information. Affected products include: If-Me Ifme.