Lucene search

[email protected]CVE-2021-43682

HistoryDec 02, 2021 - 2:15 p.m.

CVE-2021-43682

2021-12-0214:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2021-43682

thinkphp-bjyblog

xss vulnerability

adminbasecontroller

security advisory

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

34.2%

JSON

thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.class.php. The exit function terminates the script and prints a message to the user that contains $_SERVER[‘HTTP_HOST’].

Affected configurations

NVD

Node

thinkphp-bjyblog_projectthinkphp-bjyblogMatch-

CPENameOperatorVersion
thinkphp-bjyblog_project:thinkphp-bjyblogthinkphp-bjyblog project thinkphp-bjyblogeq-

CPE	Name	Operator	Version
thinkphp-bjyblog_project:thinkphp-bjyblog	thinkphp-bjyblog project thinkphp-bjyblog	eq	-

References

github.com/baijunyao/thinkphp-bjyblog/issues/6

Social References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

34.2%

JSON

Related for CVE-2021-43682

prion1 nvd1 cvelist1