vendor:
myfactory FMS
by:
RedTeam Pentesting GmbH
6.1
CVSS
MEDIUM
Reflected Cross-Site Scripting (XSS)
79
CWE
Product Name: myfactory FMS
Affected Version From: Enfold < 4.8.4 (all versions)
Affected Version To: Enfold < 4.8.4 (all versions)
Patch Exists: YES
Related CWE: CVE-2021-42565, CVE-2021-42566
CPE: a:myfactory:myfactory_fms:7.1-911
Tags: cve,cve2021,myfactory,xss
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Nuclei Metadata: {'max-request': 2, 'vendor': 'myfactory', 'product': 'fms'}
Platforms Tested: Ubuntu
2021
myfactory FMS 7.1-911 – ‘Multiple’ Reflected Cross-Site Scripting (XSS)
During a penetration test, a reflected cross-site scripting vulnerability (XSS) was found in the myfactory.FMS login form. If a user opens an attacker-prepared link to the application, attackers can run arbitrary JavaScript code in the user's browser.
Mitigation:
Ensure that user input is properly sanitized and encoded before being reflected in the application.