Vulnerability Description
TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/system_logs.
CVSS Score
5.4
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tastyigniter | Tastyigniter | 3.0.7 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/163843/TastyIgniter-3.0.7-Cross-Site-Script (Exploit, Third Party Advisory, VDB Entry)
- https://github.com/HuskyHacks/CVE-2021-38699-Reflected-XSS (Exploit, Third Party Advisory)
- https://github.com/HuskyHacks/CVE-2021-38699-Stored-XSS (Exploit, Third Party Advisory)
- https://github.com/Justin-1993/CVE-2021-38699 (Exploit, Third Party Advisory)
- https://pentesternotes.com/?p=209 (Exploit, Third Party Advisory)
- https://tastyigniter.com/support (Product)
FAQ
What is CVE-2021-38699?
CVE-2021-38699 is a vulnerability with a CVSS score of 5.4 (MEDIUM). TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/system_logs.
How severe is CVE-2021-38699?
CVE-2021-38699 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-38699?
Check the references section above for vendor advisories and patch information. Affected products include: Tastyigniter Tastyigniter.