Stored XSS Vulnerability in Appspace 6.2.4: Group Name Execution

Stored XSS Vulnerability in Appspace 6.2.4: Group Name Execution

CVE-2021-27564 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

A stored XSS issue exists in Appspace 6.2.4. After a user is authenticated and enters an XSS payload under the groups section of the network tab, it is stored as the group name. Whenever another member visits that group, this payload executes.

Learn more about our Network Penetration Testing.