CVE-2021-47841

SnipCommand 0.1.0 - Persistent Cross-Site Scripting

CVSS 5.1 MEDIUMEPSS 0.4%CWE-79

SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Produtos afetados

gurayyarar · SnipCommand

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/gurayyarar/SnipCommand https://imgur.com/a/I2reH1M https://www.exploit-db.com/exploits/49829 https://www.vulncheck.com/advisories/snipcommand-persistent-cross-site-scripting