← back
CVE-2021-41467

CVE-2021-41467

18Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 3.5%
exploitation probability
3.5%top 12% of all CVEs
observed exploitation
nono source reports it
Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter.
Affected products
n/a · n/a