CVE-2021-41467
18Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendepss 3.5%
exploitation probability
3.5%top 12% of all CVEs
observed exploitation
nono source reports it
Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter.
Affected products
n/a · n/a