Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-30134
HistoryDec 26, 2022 - 7:15 a.m.

CVE-2021-30134

2022-12-2607:15:11
CWE-79
[email protected]
web.nvd.nist.gov
3
php curl wrapper
xss vulnerability
post_file_path_upload.php
post_multidimensional.php

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

38.2%

JSON

php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php.

Affected configurations

Nvd
Node
php_curl_class_projectphp_curl_classRange<2.3.2
Node
ht_slider_range_for_amazon_affiliates_projectht_slider_range_for_amazon_affiliatesRange<1.1.6wordpress
Node
qiwiwoo-qiwi-payment-gatewayRange0.0.9wordpress
Node
teamleadeteamleader_crm_formsRange<2.1.0wordpress
Node
ptwoopluginsinvoicing_with_invoicexpress_for_woocommerceRange<3.0.3wordpress
Node
shopello_api_projectshopello_apiRange2.9.0wordpress
VendorProductVersionCPE
php_curl_class_projectphp_curl_class*cpe:2.3:a:php_curl_class_project:php_curl_class:*:*:*:*:*:*:*:*
ht_slider_range_for_amazon_affiliates_projectht_slider_range_for_amazon_affiliates*cpe:2.3:a:ht_slider_range_for_amazon_affiliates_project:ht_slider_range_for_amazon_affiliates:*:*:*:*:*:wordpress:*:*
qiwiwoo-qiwi-payment-gateway*cpe:2.3:a:qiwi:woo-qiwi-payment-gateway:*:*:*:*:*:wordpress:*:*
teamleadeteamleader_crm_forms*cpe:2.3:a:teamleade:teamleader_crm_forms:*:*:*:*:*:wordpress:*:*
ptwoopluginsinvoicing_with_invoicexpress_for_woocommerce*cpe:2.3:a:ptwooplugins:invoicing_with_invoicexpress_for_woocommerce:*:*:*:*:*:wordpress:*:*
shopello_api_projectshopello_api*cpe:2.3:a:shopello_api_project:shopello_api:*:*:*:*:*:wordpress:*:*

Related

osv 2
cve 1
patchstack 5
github 1
nuclei 1
wpexploit 1
cvelist 1
wpvulndb 1
prion 1
osv
osv
CVE-2021-30134
2022-12-26 07:15:11
php-mod/curl allows Cross-site Scripting
2022-12-26 09:30:26
cve
cve
CVE-2021-30134
2022-12-26 07:15:11
patchstack
patchstack
WordPress HT Slider Range for Amazon affiliates plugin <= 1.1.9 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
2021-04-16 00:00:00
WordPress Invoicing with InvoiceXpress for WooCommerce plugin <= 3.0.2 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
2021-04-16 00:00:00
WordPress QIWI for WooCommerce plugin <= 0.0.9 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
2021-04-16 00:00:00
github
github
php-mod/curl allows Cross-site Scripting
2022-12-26 09:30:26
nuclei
nuclei
Php-mod/curl Library <2.3.2 - Cross-Site Scripting
2023-02-16 05:05:10
wpexploit
wpexploit
Outdated php-mod/curl Library - Unauthenticated Reflected Cross-Site Scripting (XSS)
2021-04-16 00:00:00
cvelist
cvelist
CVE-2021-30134
2022-12-26 00:00:00
wpvulndb
wpvulndb
Outdated php-mod/curl Library - Unauthenticated Reflected Cross-Site Scripting (XSS)
2021-04-16 00:00:00
prion
prion
Design/Logic Flaw
2022-12-26 07:15:00

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

38.2%

JSON
Related for NVD:CVE-2021-30134
osv2cve1patchstack5github1nuclei1wpexploit1cvelist1wpvulndb1prion1