Vulnerabilities

CVE-2021-27930

by Fred · 06/07/2021

Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which allows an authenticated (or compromised) user to inject malicious JavaScript in folder/file name within the application in order to grab other users’ sessions or execute malicious code in their browsers (1-click RCE).

Date published : 2021-07-06

https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2021-27930.pdf

https://varsnext.iriscorporate.com/history.html

Similar

Tags: Cybersecurity Alert