← back
CVE-2021-32539

Hundred Plus 101EIP - Stored XSS-1

CVSS 5.4 MEDIUMEPSS 0.6%CWE-79
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.4EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
28 May 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Add event in calendar function in the 101EIP system does not filter special characters in specific fields, which allows remote authenticated users to inject JavaScript and perform a stored XSS attack.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected products
Hundred Plus · 101EIP

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.twcert.org.tw/tw/cp-132-4755-bd590-1.html