CVE-2021-32106

low-risk
Published 2021-06-08

In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the _GET['replace'] variable. As a result, arbitrary Javascript code can get executed.

Do I need to act?

-
0.24% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.4/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Icecoder

Affected Vendors

Icecoder

References (6)

Product https://github.com/icecoder/ICEcoder
Exploit https://groups.google.com/g/icecoder/c/xcAc8_1UPxQ
Third Party Advisory https://prophaze.com/cve/icecoder-8-0-multipe-results-php-replace-cross-site-scr...
Product https://github.com/icecoder/ICEcoder
Exploit https://groups.google.com/g/icecoder/c/xcAc8_1UPxQ
Third Party Advisory https://prophaze.com/cve/icecoder-8-0-multipe-results-php-replace-cross-site-scr...
27
/ 100
low-risk
Severity 21/34 · High
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal