Stored XSS Vulnerability in Testes de Codigo Mobile Application v11.3 and Prior

Stored XSS Vulnerability in Testes de Codigo Mobile Application v11.3 and Prior

CVE-2021-25647 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Mobile application "Testes de Codigo" v11.3 and prior allows stored XSS by injecting a payload in the "feedback" message field causing it to be stored in the remote database and leading to its execution on client devices when loading the "feedback list", either by accessing the website directly or using the mobile application.

Learn more about our Web App Pen Testing.