CVE-2021-33348

{"id": "CVE-2021-33348", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2021-06-24T15:15:08.297", "references": [{"url": "https://github.com/jfinal/jfinal/issues/188", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/jfinal/jfinal/issues/188", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in JFinal framework v4.9.10 and below. The \"set\" method of the \"Controller\" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases."}, {"lang": "es", "value": "Se ha detectado un problema en JFinal framework versi\u00f3n v4.9.10 y posteriores. El m\u00e9todo \"set\" de la clase \"Controller\" de jfinal framework no est\u00e1 estrictamente filtrado, lo que conlleva a vulnerabilidades de tipo XSS en algunos casos"}], "lastModified": "2024-11-21T06:08:44.213", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jfinal:jfinal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A006872-9B30-4089-89C8-00449B593C94", "versionEndIncluding": "4.9.10"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}