A Cross Site Scripting (XSS) vulnerability exists in... · CVE-2021-42940 · GitHub Advisory Database · GitHub

A Cross Site Scripting (XSS) vulnerability exists in...

Critical severity Unreviewed Published Feb 12, 2022 to the GitHub Advisory Database • Updated Feb 3, 2023

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code.

References

Published by the National Vulnerability Database

Feb 11, 2022

Published to the GitHub Advisory Database Feb 12, 2022

Last updated Feb 3, 2023