Skoruba IdentityServer4.Admin up to 1.x data-secret-value cross site scripting

A vulnerability was found in Skoruba IdentityServer4.Admin up to 1.x and classified as problematic. This issue affects an unknown function. Upgrading to version 2.0.0 eliminates this vulnerability.

Field05/12/2022 12:56 PM05/14/2022 05:09 PM
vendorSkorubaSkoruba
nameIdentityServer4.AdminIdentityServer4.Admin
version<=1.x<=1.x
argumentdata-secret-valuedata-secret-value
cwe79 (cross site scripting)79 (cross site scripting)
risk11
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_uiRR
cvss3_vuldb_sUU
cvss3_vuldb_cNN
cvss3_vuldb_iLL
cvss3_vuldb_aNN
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
identifier813813
urlhttps://github.com/skoruba/IdentityServer4.Admin/issues/813https://github.com/skoruba/IdentityServer4.Admin/issues/813
nameUpgradeUpgrade
upgrade_version2.0.02.0.0
cveCVE-2021-28290CVE-2021-28290
cve_assigned16155036001615503600
date1652306400 (05/12/2022)1652306400 (05/12/2022)
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_ciNN
cvss2_vuldb_iiPP
cvss2_vuldb_aiNN
cvss2_vuldb_rcCC
cvss2_vuldb_rlOFOF
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss3_vuldb_prLL
cvss3_vuldb_eXX
cvss2_vuldb_basescore4.04.0
cvss2_vuldb_tempscore3.53.5
cvss3_vuldb_basescore3.53.5
cvss3_vuldb_tempscore3.43.4
cvss3_meta_basescore3.53.5
cvss3_meta_tempscore3.43.4
price_0day$0-$5k$0-$5k
cve_nvd_summaryA cross-site scripting (XSS) vulnerability in Skoruba IdentityServer4.Admin before 2.0.0 via unencoded value passed to the data-secret-value parameter.

Do you need the next level of professionalism?

Upgrade your account now!