How severe is CVE-2021-25955?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9 out of 10.

What type of vulnerability is CVE-2021-25955?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2021-25955

CRITICAL Year: 2021

CVSS v3 Score

9.0

Critical

CVSS v2 Score

3.5

Low

Weakness Type

CWE-79

View all →

Vulnerability Description

In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoint. These scripts are executed in a victim’s browser when they open the page containing the vulnerable field. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the Session ID, which can lead to full Account takeover of the admin and due to other vulnerability (Improper Access Control on Private notes) a low privileged user can update the private notes which could lead to privilege escalation.

CVE-2016-9470

CRITICAL

CVSS:9.0(Critical)

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables a...

CWE-792016

CVE-2019-17634

CRITICAL

CVSS:9.0(Critical)

Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must chose todownload, op...

CWE-792019

CVE-2019-18578

CRITICAL

CVSS:9.0(Critical)

Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HT...

CWE-792019

CVE-2019-18588

CRITICAL

CVSS:9.0(Critical)

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scrip...

CWE-792019

CVE-2019-3873

CRITICAL

CVSS:9.0(Critical)

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve ...

CWE-792019

CVE-2019-7551

CRITICAL

CVSS:9.0(Critical)

Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could ena...

CWE-792019

CVE-2021-25955

Vulnerability Description

Related Vulnerabilities

CVE-2016-9470

CVE-2019-17634

CVE-2019-18578

CVE-2019-18588

CVE-2019-3873

CVE-2019-7551