cvedb.io
CVE-2021-45888
MEDIUM · CVSS 4.8
EPSS exploitation probability: 0%
Published 2022-03-13T02:15:07.207 · Last modified 2026-06-17T04:14:11.890

Summary

An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role Configuration Administrator or Administrator.

Affected products

ponton — x\/p_messenger

Does this affect you?

Add your gear to cvedb and we'll alert you only when ponton ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.