exploitDog

CVE-2021-40909

Опубликовано: 24 янв. 2022

Источник: nvd

CVSS3: 9.6

CVSS2: 6.8

EPSS Низкий

Описание

Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to /ajax_crud.

Ссылки

https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CVE-nu11-10-09102021
Exploit
Third Party Advisory
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CVE-nu11-10-09102021
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:php_crud_without_refresh\/reload_using_ajax_and_datatables_tutorial_project:php_crud_without_refresh\/reload_using_ajax_and_datatables_tutorial:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01397

Низкий

9.6 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-vqxh-g4gf-cp2w

github

около 4 лет назад

Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to /ajax_crud.

EPSS

Процентиль: 80%

0.01397

Низкий

9.6 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-79