CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-27930
https://notcve.org/view.php?id=CVE-2021-27930
Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which allows an authenticated (or compromised) user to inject malicious JavaScript in folder/file name within the application in order to grab other users’ sessions or execute malicious code in their browsers (1-click RCE). Múltiples vulnerabilidades de tipo cross-site scripting (XSS) almacenadas en IRIS IrisNext versión 9.5.16, permiten a usuarios remotos autenticados inyectar script web o HTML arbitrarios por medio de un nombre de documento o carpeta que es manejado inapropiadamente cuando se renderiza el formulario de contacto o el formulario de búsqueda • https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2021-27930.pdf https://varsnext.iriscorporate.com/history.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •