A stored cross site scripting have been identified at the comments in the report creation due to an obsolote version of tinymce editor. In order to exploit this vulnerability, the attackers needs an account with enough privileges to view and edit reports.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2022-02-11T17:40:04.786449Z

Updated: 2024-09-16T16:38:39.868Z

Reserved: 2021-11-30T00:00:00

Link: CVE-2021-4035

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-02-11T18:15:10.787

Modified: 2024-11-21T06:36:46.190

Link: CVE-2021-4035

cve-icon Redhat

No data.