First published: Wed Jun 09 2021
A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken parameter of multiple methods in Simple HTTP API. This is resolved in 5.9.1 and 5.10.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Cloverdx Cloverdx | <=5.7.0 | |
Cloverdx Cloverdx | >=5.9.0 <5.9.1 | |
Cloverdx Cloverdx | =5.8.0 | |
Cloverdx Cloverdx | =5.8.1 | |
The vulnerability ID is CVE-2021-30133.
The severity of CVE-2021-30133 is medium with a severity value of 6.1.
CVE-2021-30133 affects CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier versions.
Remote attackers can exploit CVE-2021-30133 by injecting arbitrary web script or HTML via the sessionToken parameter of multiple methods in Simple HTTP API.
You can resolve CVE-2021-30133 by updating your version of CloverDX to 5.9.1 or 5.10.