Lucene search

[email protected]NVD:CVE-2021-43675

HistoryDec 15, 2021 - 4:15 p.m.

CVE-2021-43675

2021-12-1516:15:07

CWE-79

[email protected]

web.nvd.nist.gov

lychee-v3 3.2.16

cross site scripting

xss vulnerability

php/access/guest.php

exit function

albumid controlled by user

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

39.1%

JSON

Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerability in php/Access/Guest.php. The function exit will terminate the script and print the message to the user. The message will contain albumID which is controlled by the user.

Affected configurations

Nvd

Node

lycheeorglycheeMatch3.2.16

VendorProductVersionCPE
lycheeorglychee3.2.16cpe:2.3:a:lycheeorg:lychee:3.2.16:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lycheeorg	lychee	3.2.16	cpe:2.3:a:lycheeorg:lychee:3.2.16:::::::*

References

github.com/LycheeOrg/Lychee

github.com/LycheeOrg/Lychee-v3

github.com/LycheeOrg/LycheeOrg.github.io/blob/master/docs/releases.md#v3216

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

39.1%

JSON

Related for NVD:CVE-2021-43675

prion1 cve1 cnvd1 cvelist1 osv1