Vulnerabilities > IF ME > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-29 | CVE-2021-25988 | Cross-site Scripting vulnerability in If-Me Ifme In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability (notifications section) which can be directly triggered by sending an ally request to the admin. | 5.4 |
| 2021-12-29 | CVE-2021-25989 | Cross-site Scripting vulnerability in If-Me Ifme In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability in the markdown editor. | 5.4 |
| 2021-12-29 | CVE-2021-25990 | Cross-site Scripting vulnerability in If-Me Ifme In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe. | 5.4 |