CVE-2021-47841

SnipCommand 0.1.0 - Persistent Cross-Site Scripting

CVSS 5.1 MEDIUMEPSS 0.4%CWE-79

SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Productos afectados

gurayyarar · SnipCommand

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/gurayyarar/SnipCommand https://imgur.com/a/I2reH1M https://www.exploit-db.com/exploits/49829 https://www.vulncheck.com/advisories/snipcommand-persistent-cross-site-scripting