Vulnerabilities > Irislink

DATE CVE VULNERABILITY TITLE RISK
2021-07-06 CVE-2021-27930 Cross-site Scripting vulnerability in Irislink Irisnext 9.5.16
Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which allows an authenticated (or compromised) user to inject malicious JavaScript in folder/file name within the application in order to grab other users’ sessions or execute malicious code in their browsers (1-click RCE).
network
low complexity
irislink CWE-79
5.4