{"vulnerability": "CVE-2021-41917", "sightings": [{"uuid": "4541dfff-7094-45a6-9496-375f4b7fe625", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41917", "type": "seen", "source": "https://t.me/cibsecurity/30261", "content": "\u203c CVE-2021-41917 \u203c\n\nwebTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the platform users and administrators. The affected endpoint is /clients/editclient.php, on the HTTP POST cn parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-08T20:40:29.000000Z"}]}