Nixpkgs Security Tracker

Dismissed

Permalink CVE-2021-47908

6.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

updated 1 month, 2 weeks ago by @jopejoe1 Activity log

Created automatic suggestion 1 month, 3 weeks ago
@jopejoe1 removed
6 packages
- nnd
- nim1
- nim2
- nim-2_0
- lixStatic
- nixStatic
1 month, 2 weeks ago
@jopejoe1 dismissed 1 month, 2 weeks ago

Ultimate POS 4.4 Persistent Cross-Site Scripting via Product Name

Ultimate POS 4.4 contains a persistent cross-site scripting vulnerability in the product name parameter that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability through product add or edit functions to execute arbitrary JavaScript and potentially hijack user sessions.

References

VulnCheck Advisory: Ultimate POS 4.4 Persistent Cross-Site Scripting via Product Name third-party-advisory
Vulnerability Lab Advisory exploit
Product Homepage product
Vulnerability Lab Advisory exploit
Product Homepage product
VulnCheck Advisory: Ultimate POS 4.4 Persistent Cross-Site Scripting via Product Name third-party-advisory

Affected products

Unknown

==4.4

Not present in nixpkgs

Suggestion detail

References

Affected products