CVE-2021-25990

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-25990

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-25990.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-25990

Published

2021-12-29T09:15:09.363Z

Modified

2025-11-14T11:32:15.350272Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe.

References

Affected packages

Git / github.com/ifmeorg/ifme

Affected ranges

Type: GIT
Repo: https://github.com/ifmeorg/ifme
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

83fd44ef8921a8dcf394a012e44901ab08596bdc

Affected versions

1.*

1.0.0

v.*

v.3.5.0

v.7.31.2

v1.*

v1.0.0

v1.0.1

v1.1.0

v1.2.0

v1.2.1

v1.3.0

v1.3.1

v1.4.0

v1.5.0

v2.*

v2.0.0

v3.*

v3.0.0

v3.0.1

v3.1.0

v3.1.1

v3.2.0

v3.3.0

v3.3.1

v3.4.0

v3.4.1

v3.4.2

v3.5.0

v4.*

v4.0.0

v4.1.0

v4.2.0

v4.3.0

v4.4.0

v5.*

v5.0.0

v5.0.1

v5.1.0

v5.2.0

v5.2.1

v6.*

v6.0.0

v6.0.1

v6.0.2

v6.1.0

v6.1.1

v6.1.2

v6.10.0

v6.10.1

v6.11.0

v6.12.0

v6.13.0

v6.14.0

v6.15.0

v6.16.0

v6.17.0

v6.18.0

v6.19.0

v6.2.0

v6.2.1

v6.3.0

v6.4.0

v6.5.0

v6.5.1

v6.5.2

v6.6.0

v6.7.0

v6.7.1

v6.8.0

v6.9.0

v6.9.1

v7.*

v7.0.0

v7.1.0

v7.10.0

v7.10.1

v7.10.2

v7.10.3

v7.10.4

v7.10.5

v7.10.6

v7.10.7

v7.10.8

v7.10.9

v7.11.0

v7.12.0

v7.12.1

v7.12.2

v7.12.3

v7.12.4

v7.12.5

v7.12.6

v7.12.7

v7.12.8

v7.12.9

v7.13.0

v7.13.1

v7.13.2

v7.13.3

v7.13.4

v7.13.5

v7.13.6

v7.13.7

v7.14.0

v7.14.1

v7.14.2

v7.14.3

v7.15.0

v7.15.1

v7.15.2

v7.15.3

v7.15.4

v7.15.5

v7.16.0

v7.16.1

v7.17.0

v7.18.0

v7.18.1

v7.18.2

v7.19.0

v7.19.1

v7.19.2

v7.19.3

v7.2.0

v7.20.0

v7.20.1

v7.21.0

v7.21.1

v7.22.0

v7.22.1

v7.22.2

v7.22.3

v7.22.4

v7.22.5

v7.23.0

v7.23.1

v7.24.0

v7.24.1

v7.24.2

v7.24.3

v7.24.4

v7.24.5

v7.24.6

v7.24.7

v7.24.8

v7.24.9

v7.25.0

v7.25.1

v7.25.2

v7.25.3

v7.25.4

v7.26.0

v7.26.1

v7.26.2

v7.26.3

v7.27.0

v7.27.1

v7.28.0

v7.29.0

v7.29.1

v7.29.2

v7.29.3

v7.29.4

v7.3.0

v7.30.0

v7.30.1

v7.30.10

v7.30.11

v7.30.12

v7.30.13

v7.30.2

v7.30.3

v7.30.4

v7.30.5

v7.30.6

v7.30.7

v7.30.8

v7.30.9

v7.31.0

v7.31.1

v7.31.2

v7.31.3

v7.31.4

v7.4.0

v7.4.1

v7.5.0

v7.6.0

v7.7.0

v7.7.1

v7.8.0

v7.8.1

v7.8.2

v7.8.3

v7.8.4

v7.8.5

v7.8.6

v7.8.7

v7.8.8

v7.9.0

v7.9.1

v7.9.2

v7.9.3

v7.9.4

v7.9.5

v7.9.6

v7.9.7

v7.9.8

v7.9.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-25990.json"