CVE-2021-25990
Published
CVSS v3
5.4
MEDIUM
CVSS v2
3.5
LOW
Affected
1
PROJECT
Description
In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe.
Free, open source mental health communication web app to share experiences with loved ones
GitHub