CVE-2021-44310

Published: Mar 30, 2022Modified: Jun 17, 2026

4.8

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.7 / Impact: 2.7

Source: NVD

Description

An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, the attacker could perform stored XSS attacks by inserting JavaScript and HTML code in user creation functionality.

Affected (1)

Products: Firmware Analysis And Comparison Tool Project: Firmware Analysis And Comparison Tool

Firmware Analysis And Comparison Tool Project

1 product

Firmware Analysis And Comparison Tool

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Firmware Analysis And Comparison Tool Project Firmware Analysis And Comparison Tool	Version 3.2

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://brainy-sternum-995.notion.site/CVE-2021-44310-Reserved-e9efc897f9944464b8807d44c6fc21df

Source: cve@mitre.org

ExploitThird Party Advisory

https://brainy-sternum-995.notion.site/CVE-2021-44310-Reserved-e9efc897f9944464b8807d44c6fc21df

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.