CVE-2021-26549

EUVD-2021-13348
An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to the AdminTool console is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
Affected Products (NVD)
VendorProductVersion
smartfoxserversmartfoxserver
2.17.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/161335/SmartFoxServer-2X-2.17.0-God-Mode-Console-WebSocket-Cross-Site-Scripting.html
https://www.smartfoxserver.com
https://www.zeroscience.mk/en/vulnerabilities/
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5626.php
http://packetstormsecurity.com/files/161335/SmartFoxServer-2X-2.17.0-God-Mode-Console-WebSocket-Cross-Site-Scripting.html
https://www.smartfoxserver.com
https://www.zeroscience.mk/en/vulnerabilities/
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5626.php