Vulnerability Description
In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ericsson | Codechecker | <= 6.18.0 |
Related Weaknesses (CWE)
References
- https://codechecker-demo.eastus.cloudapp.azure.com/ (Permissions Required)
- https://github.com/Ericsson/codechecker/pull/3549 (Patch, Third Party Advisory)
- https://github.com/Ericsson/codechecker/releases (Release Notes, Third Party Advisory)
- https://github.com/Hyperkopite/CVE-2021-44217/blob/main/README.md (Exploit, Third Party Advisory)
- https://user-images.githubusercontent.com/9525971/142965091-e118b012-a7fc-4c2f-a (Third Party Advisory)
FAQ
What is CVE-2021-44217?
CVE-2021-44217 is a vulnerability with a CVSS score of 6.1 (MEDIUM). In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML...
How severe is CVE-2021-44217?
CVE-2021-44217 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-44217?
Check the references section above for vendor advisories and patch information. Affected products include: Ericsson Codechecker.