Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-4271
HistoryDec 21, 2022 - 7:15 p.m.

CVE-2021-4271

2022-12-2119:15:13
CWE-707
CWE-79
[email protected]
web.nvd.nist.gov
4
panicsteve w2wiki
cross site scripting
tohtml function
remote attack
patch
vdb-216476

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

26.6%

JSON

A vulnerability was found in panicsteve w2wiki. It has been rated as problematic. Affected by this issue is the function toHTML of the file index.php of the component Markdown Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is 8f1d0470b4ddb1c7699e3308e765c11ed29542b6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216476.

Affected configurations

Nvd
Node
w2wiki_projectw2wikiMatch-
VendorProductVersionCPE
w2wiki_projectw2wiki-cpe:2.3:a:w2wiki_project:w2wiki:-:*:*:*:*:*:*:*

Related

osv 1
prion 1
cve 1
cvelist 1
osv
osv
CVE-2021-4271
2022-12-21 19:15:13
prion
prion
Cross site scripting
2022-12-21 19:15:00
cve
cve
CVE-2021-4271
2022-12-21 19:15:13
cvelist
cvelist
CVE-2021-4271 panicsteve w2wiki Markdown index.php toHTML cross site scripting
2022-12-21 00:00:00

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

26.6%

JSON
Related for NVD:CVE-2021-4271
osv1prion1cve1cvelist1