CVE-2021-32092

CVE-2021-32092

EPSS 1.0%

A Cross-site scripting (XSS) vulnerability in the DocumentAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the uuid parameter.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed https://portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover