CVE-2021-43810

Опубликовано: 07 дек. 2021

Источник: nvd

CVSS3: 8.8

CVSS3: 6.1

CVSS2: 4.3

EPSS Средний

Описание

Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts. This issue is patched in version 4.0.12.

Ссылки

https://github.com/Admidio/admidio/commit/c043267d362f7813543cc2785119bf3e3e54fe21
Patch
Third Party Advisory
https://github.com/Admidio/admidio/commit/fcb0609abc1d2f65bc1377866bd678e5d891404b
Patch
Third Party Advisory
https://github.com/Admidio/admidio/releases/tag/v4.0.12
Patch
Release Notes
Third Party Advisory
https://github.com/Admidio/admidio/security/advisories/GHSA-3qgf-qgc3-42hh
Third Party Advisory
https://github.com/Admidio/admidio/commit/c043267d362f7813543cc2785119bf3e3e54fe21
Patch
Third Party Advisory
https://github.com/Admidio/admidio/commit/fcb0609abc1d2f65bc1377866bd678e5d891404b
Patch
Third Party Advisory
https://github.com/Admidio/admidio/releases/tag/v4.0.12
Patch
Release Notes
Third Party Advisory
https://github.com/Admidio/admidio/security/advisories/GHSA-3qgf-qgc3-42hh
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:*

Версия до 4.0.12 (исключая)

EPSS

Процентиль: 98%

0.62973

Средний

8.8 High

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

EPSS

Процентиль: 98%

0.62973

Средний

8.8 High

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79