CVE-2021-42078

Sažetak

PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the site.

Reference

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-049.txt
http://seclists.org/fulldisclosure/2021/Nov/24

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

09-11-2021 - 22:07

Objavljeno

08-11-2021 - 05:15