Lucene search

[email protected]CVE-2021-4302

HistoryJan 04, 2023 - 10:15 p.m.

CVE-2021-4302

2023-01-0422:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve

2021

4302

vulnerability

slackero

phpwcms

remote

cross-site scripting

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

34.0%

JSON

A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. This affects an unknown part of the component SVG File Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.9.27 is able to address this issue. The patch is named b39db9c7ad3800f319195ff0e26a0981395b1c54. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217419.

VendorProductVersionCPE
phpwcmsphpwcms1.9.0cpe:2.3:a:phpwcms:phpwcms:1.9.0:*:*:*:*:*:*:*
phpwcmsphpwcms1.9.1cpe:2.3:a:phpwcms:phpwcms:1.9.1:*:*:*:*:*:*:*
phpwcmsphpwcms1.9.2cpe:2.3:a:phpwcms:phpwcms:1.9.2:*:*:*:*:*:*:*
phpwcmsphpwcms1.9.3cpe:2.3:a:phpwcms:phpwcms:1.9.3:*:*:*:*:*:*:*
phpwcmsphpwcms1.9.4cpe:2.3:a:phpwcms:phpwcms:1.9.4:*:*:*:*:*:*:*
phpwcmsphpwcms1.9.5cpe:2.3:a:phpwcms:phpwcms:1.9.5:*:*:*:*:*:*:*
phpwcmsphpwcms1.9.6cpe:2.3:a:phpwcms:phpwcms:1.9.6:*:*:*:*:*:*:*
phpwcmsphpwcms1.9.7cpe:2.3:a:phpwcms:phpwcms:1.9.7:*:*:*:*:*:*:*
phpwcmsphpwcms1.9.8cpe:2.3:a:phpwcms:phpwcms:1.9.8:*:*:*:*:*:*:*
phpwcmsphpwcms1.9.9cpe:2.3:a:phpwcms:phpwcms:1.9.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpwcms	phpwcms	1.9.0	cpe:2.3:a:phpwcms:phpwcms:1.9.0:::::::*
phpwcms	phpwcms	1.9.1	cpe:2.3:a:phpwcms:phpwcms:1.9.1:::::::*
phpwcms	phpwcms	1.9.2	cpe:2.3:a:phpwcms:phpwcms:1.9.2:::::::*
phpwcms	phpwcms	1.9.3	cpe:2.3:a:phpwcms:phpwcms:1.9.3:::::::*
phpwcms	phpwcms	1.9.4	cpe:2.3:a:phpwcms:phpwcms:1.9.4:::::::*
phpwcms	phpwcms	1.9.5	cpe:2.3:a:phpwcms:phpwcms:1.9.5:::::::*
phpwcms	phpwcms	1.9.6	cpe:2.3:a:phpwcms:phpwcms:1.9.6:::::::*
phpwcms	phpwcms	1.9.7	cpe:2.3:a:phpwcms:phpwcms:1.9.7:::::::*
phpwcms	phpwcms	1.9.8	cpe:2.3:a:phpwcms:phpwcms:1.9.8:::::::*
phpwcms	phpwcms	1.9.9	cpe:2.3:a:phpwcms:phpwcms:1.9.9:::::::*

Rows per page:

1-10 of 271

References

github.com/slackero/phpwcms/commit/b39db9c7ad3800f319195ff0e26a0981395b1c54

github.com/slackero/phpwcms/releases/tag/v1.9.27

vuldb.com/?ctiid.217419

vuldb.com/?id.217419

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

34.0%

JSON

Related for CVE-2021-4302

prion1 osv1 cvelist1