First published: Mon Feb 22 2021
A stored XSS issue exists in Appspace 6.2.4. After a user is authenticated and enters an XSS payload under the groups section of the network tab, it is stored as the group name. Whenever another member visits that group, this payload executes.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Appspace Appspace | =6.2.4 | |
CVE-2021-27564 is a stored XSS vulnerability that exists in Appspace 6.2.4.
CVE-2021-27564 has a severity level of medium.
To fix CVE-2021-27564, update Appspace to version 6.2.5 or later.
More information about CVE-2021-27564 is available at the following reference: https://github.com/viperbluff/Appspace-Ver-6.2.4-Stored-Xss