CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-38157
https://notcve.org/view.php?id=CVE-2021-38157
LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer LeoStream Connection Broker versiones 9.x anteriores a 9.0.34.3, permite un ataque de tipo XSS reflejado no autenticado por medio del parámetro user /index.pl. NOTA: Esta vulnerabilidad sólo afecta a productos que ya no son soportados por el mantenedor • https://dgccpa.com https://gist.github.com/erud1te-sec/5c85924cb78ba85af42e0b7b62a5ec91 https://leostream.com https://www.leostream.com/resources-2/product-lifecycle • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •