A vulnerability classified as problematic was found in ctrlo lenio. It affects unknown functionality in the file views/contractor.tt. Manipulating the argument contractor.name leads to cross-site scripting. The weakness is classified as CWE-79. It was disclosed 12/18/2022 as e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97. The advisory is shared for download at github.com. This vulnerability is handled as CVE-2021-4255.

The attack may be launched remotely. Technical details are available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment. The MITRE ATT&CK project declares the attack technique as T1059.007. It is declared as not defined. As a 0-day, the estimated underground price was around $0-$5k.

The name of the patch is e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97. The bugfix is ready for download at github.com. It is recommended to apply the patch to fix this issue. A possible mitigation was published before, not after, the disclosure of the vulnerability.