Headline
CVE-2021-32853: erxes/widget.ejs at f131b49add72032650d483f044d00658908aaf4a · erxes/erxes
Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from a malicious web site. There are no known patches.
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title></title>
</head>
<body>
<script>
window.erxesEnv = <%- env %>;
<% if (locals.kbTopicId) { %>
window.knowledgebaseSettings = {
topic_id: "<%- kbTopicId %>"
}
<% } %>
</script>
<div id="root">
</div>
<script src="<%= JSON.parse(env).ROOT_URL %>/build/<%= type %>.bundle.js"></script>
</body>
</html>
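The template above writes `env` and `kbTopicId` into a `<script>` block with EJS's unescaped `<%- %>` tag. The following is an added example, not erxes code: it contrasts that raw interpolation with serializing the value for an inline-script context. The function names and the sample value are constructed for illustration.

```javascript
// Added example (not erxes code): safe serialization of server-side values
// into an inline <script> block, next to the raw interpolation `<%- %>` does.

// Characters that can end the script element, open an HTML comment, or act as
// line terminators inside a JavaScript string literal.
const UNSAFE = /[<>&\u2028\u2029]/g;

// JSON.stringify handles quotes and backslashes; the replace turns the
// remaining risky characters into \uXXXX escapes, valid in both JSON and JS.
function serializeForInlineScript(value) {
  return JSON.stringify(value).replace(UNSAFE, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Mimics the current template line: the value is pasted in verbatim.
function renderRaw(kbTopicId) {
  return 'window.knowledgebaseSettings = { topic_id: "' + kbTopicId + '" }';
}

// Hardened form: the serializer supplies the quotes and all escaping.
function renderSafe(kbTopicId) {
  return "window.knowledgebaseSettings = { topic_id: " +
    serializeForInlineScript(kbTopicId) + " }";
}

// Recovers the string literal from a rendered line to check the round trip.
function topicIdFrom(rendered) {
  const literal = rendered.slice(rendered.indexOf("topic_id: ") + 10, -2);
  return JSON.parse(literal);
}

// Constructed input: closes the string literal and the script element.
const hostile = 'abc"}</script><b>injected</b>';

console.log(renderRaw(hostile));  // markup survives intact in the page
console.log(renderSafe(hostile)); // stays a single inert string literal
```

HTML-escaping with `<%= %>` is not a substitute here, because entities are not decoded inside `<script>`, so the value would reach the client altered. In the template the hardened line would read `topic_id: <%- serializeForInlineScript(kbTopicId) %>`, assuming the helper is passed to the view as a local.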
Related news
Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in all versions. This results in client-side code execution. The victim must follow a malicious link or be redirected there from a malicious web site. There are no known patches.