Stored XSS Vulnerability in ifme Versions 1.0.0 to v7.31.4 via Ally Request in Notifications Section
CVE-2021-25988 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability (notifications section) which can be directly triggered by sending an ally request to the admin.
Learn more about our Web Application Penetration Testing UK.