CVE-2021-35377

{"id": "CVE-2021-35377", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2023-03-06T20:15:09.497", "references": [{"url": "http://vicidial.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.vicidial.org/VICIDIALforum/viewtopic.php?f=2&t=41634", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php parameters."}], "lastModified": "2023-03-13T18:46:09.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vicidial:vicidial:2.9-401c:140612-1626:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BC258B2-56BC-4695-8014-D520DF82439B"}, {"criteria": "cpe:2.3:a:vicidial:vicidial:2.10-415c:140918-1606:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EDDE441-9864-4C0A-A342-8CBA5655C3D5"}, {"criteria": "cpe:2.3:a:vicidial:vicidial:2.14-597c:191114-0949:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F042CF37-57C4-44B8-8D0E-CDE3430F0CD4"}, {"criteria": "cpe:2.3:a:vicidial:vicidial:2.14-610c:200528-2239:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0801E19A-9EB7-4CF5-9C0C-6012192353DE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}