CVE-2021-38699

Published: 15/08/2021 Updated: 18/10/2021
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 312
Vector (CVSS v2): AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/system_logs.

Vulnerable Product

tastyigniter tastyigniter 3.0.7

Exploits

TastyIgniter version 3.0.7 suffers from a persistent cross site scripting vulnerability ...

Github Repositories

Stored XSS in TastyIgniter v3.0.7 Restaurant CMS

CVE-2021-38699: Stored XSS in TastyIgniter v3.0.7 Restaurant CMS
Stored authenticated cross-site scripting exists in the TastyIgniter v3.0.7 Restaurant CMS System Logs section of the web application.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38699
POC: Execute reflective cross site scripting elsewhere in the web app (see github.com/HuskyHacks/CVE-2021

Multiple Reflected XSS in TastyIgniter v3.0.7 Restaurant CMS

CVE-2021-38699: Multiple Reflected XSS in TastyIgniter v3.0.7 Restaurant CMS
Authenticated reflected XSS exists in the TastyIgniter Admin dashboard in version 3.0.7.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38699
POC: Admin dashboard start param: POST cvefarmlocal/admin/dashboard HTTP/1.1 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/201001

TastyIgniter 3.0.7 allows XSS via the name field during user-account creation

CVE-2021-38699: TastyIgniter 3.0.7 allows XSS via the name field during user-account creation
A Stored Cross Site Scripting Vulnerability exists in multiple pages of TastyIgniter v3.0.7 that allows for arbitrary execution of JavaScript.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38699
Vulnerable Pages: /account, /reservation, /admin/dashboard, /admin/system_logs Vu