Back to search
CVE-2021-44042
Published: Dec 14, 2021
Modified: Aug 4, 2024
PUBLISHED
Description
An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed (when the injected content does not match an existing process). A determined attacker could leverage this to execute JavaScript in the context of the Electron application.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://docs.uipath.com/robot/docs/uipath-assistant
x_refsource_MISC
https://docs.uipath.com/robot/docs/release-notes-2021-10-4
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now