Lucene search

[email protected]CVE-2021-43675

HistoryDec 15, 2021 - 4:15 p.m.

CVE-2021-43675

2021-12-1516:15:07

CWE-79

[email protected]

web.nvd.nist.gov

cve-2021-43675

lychee-v3

cross site scripting

xss

php

access

guest.php

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

31.0%

JSON

Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerability in php/Access/Guest.php. The function exit will terminate the script and print the message to the user. The message will contain albumID which is controlled by the user.

Affected configurations

NVD

Node

lycheeorglycheeMatch3.2.16

CPENameOperatorVersion
lycheeorg:lycheelycheeorg lycheeeq3.2.16

CPE	Name	Operator	Version
lycheeorg:lychee	lycheeorg lychee	eq	3.2.16

References

github.com/LycheeOrg/Lychee

github.com/LycheeOrg/Lychee-v3

github.com/LycheeOrg/LycheeOrg.github.io/blob/master/docs/releases.md#v3216

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

31.0%

JSON

Related for CVE-2021-43675

prion1 cnvd1 osv1 cvelist1 nvd1