Stored XSS Vulnerability in ifme Versions 1.0.0 to v7.31.4 via Ally Request in Notifications Section

Stored XSS Vulnerability in ifme Versions 1.0.0 to v7.31.4 via Ally Request in Notifications Section

CVE-2021-25988 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability (notifications section) which can be directly triggered by sending an ally request to the admin.

Learn more about our Web Application Penetration Testing UK.