A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. This affects an unknown part of the component SVG File Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.9.27 is able to address this issue. The patch is named b39db9c7ad3800f319195ff0e26a0981395b1c54. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217419.
References
Link | Resource |
---|---|
https://github.com/slackero/phpwcms/commit/b39db9c7ad3800f319195ff0e26a0981395b1c54 | Patch |
https://github.com/slackero/phpwcms/releases/tag/v1.9.27 | Release Notes |
https://vuldb.com/?ctiid.217419 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.217419 | Permissions Required Third Party Advisory |
https://github.com/slackero/phpwcms/commit/b39db9c7ad3800f319195ff0e26a0981395b1c54 | Patch |
https://github.com/slackero/phpwcms/releases/tag/v1.9.27 | Release Notes |
https://vuldb.com/?ctiid.217419 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.217419 | Permissions Required Third Party Advisory |
Configurations
History
21 Nov 2024, 06:37
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/slackero/phpwcms/commit/b39db9c7ad3800f319195ff0e26a0981395b1c54 - Patch | |
References | () https://github.com/slackero/phpwcms/releases/tag/v1.9.27 - Release Notes | |
References | () https://vuldb.com/?ctiid.217419 - Permissions Required, Third Party Advisory | |
References | () https://vuldb.com/?id.217419 - Permissions Required, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 3.5 |
11 Apr 2024, 01:13
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
16 Nov 2023, 02:21
Type | Values Removed | Values Added |
---|---|---|
CWE |
07 Nov 2023, 03:40
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 |
20 Oct 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. This affects an unknown part of the component SVG File Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.9.27 is able to address this issue. The patch is named b39db9c7ad3800f319195ff0e26a0981395b1c54. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217419. | |
CWE |
Information
Published : 2023-01-04 22:15
Updated : 2024-11-21 06:37
NVD link : CVE-2021-4302
Mitre link : CVE-2021-4302
CVE.ORG link : CVE-2021-4302
JSON object : View
Products Affected
phpwcms
- phpwcms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')