Vulnerability Description
XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xss Hunter Express Project | Xss Hunter Express | < 2021-09-17 |
Related Weaknesses (CWE)
References
- https://docs.google.com/document/d/12rq4YIFZLSmZlEsq7d7hYCI1qO5xyIxA1Wrs1m4y9-4/ (Mitigation, Third Party Advisory)
- https://github.com/mandatoryprogrammer/xsshunter-express/commit/56bb44ed9024849f (Patch, Third Party Advisory)
- https://vuln.ryotak.me/advisories/57 (Third Party Advisory)
FAQ
What is CVE-2021-41317?
CVE-2021-41317 is a vulnerability with a CVSS score of 9.8 (CRITICAL). XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths.
How severe is CVE-2021-41317?
CVE-2021-41317 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-41317?
Check the references section above for vendor advisories and patch information. Affected products include: Xss Hunter Express (vendor: Xss Hunter Express Project).