Nelson Silva

1 exploit Active since Jan 2023
CVE-2021-32828 WRITEUP MEDIUM WRITEUP
Nuxeo < 11.5.109 - Reflected Cross-Site Scripting and Remote Code Execution via OAuth2 REST API
The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the `oauth2` REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by levering the automation API.
CVSS 5.4