
CVE-2021-28079

Published: 26/04/2021 Updated: 30/04/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column name is vulnerable to XSS in the ElectronJS framework. An attacker can make a .omv (Jamovi) document containing a payload. When the document is opened by a victim, the payload is triggered.


Github Repositories

cves: CVE's we discovered along the way

CVE-2020-12772: An NTLM hash leak in the Spark XMPP client and ROAR Module
CVE-2020-24364: An injection/remote code execution in MineTime
CVE-2021-28079: Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability

@theart42 & @4nqr34z

POC: CVE-2021-28079 - POC

Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a payload. When opened by a victim, the payload is triggered.

🔥\> file example.omv
example.omv: Zip archive data, at least v2.0 to extract