CVE-2021-25647

Mobile application "Testes de Codigo" v11.3 and prior allows stored XSS by injecting a payload in the "feedback" message field causing it to be stored in the remote database and leading to its execution on client devices when loading the "feedback list", either by accessing the website directly or using the mobile application.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
testes-codigotestes_de_codigo
𝑥
≤ 11.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://vrls.ws/posts/2021/01/cve-2021-25647-mobile-application-testes-de-codigo-stored-xss/
https://vrls.ws/posts/2021/01/cve-2021-25647-mobile-application-testes-de-codigo-stored-xss/