CVE-2021-46087

{"id": "CVE-2021-46087", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2022-01-25T16:15:09.013", "references": [{"url": "https://github.com/jflyfox/jfinal_cms/issues/19", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/jflyfox/jfinal_cms/issues/19", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the background system of CMS. Because developers do not filter the parameters submitted by the user input form, any user with background permission can affect the system security by entering malicious code."}, {"lang": "es", "value": "En jfinal_cms versiones posteriores a 5.1 0 incluy\u00e9ndola, se presenta una vulnerabilidad de tipo XSS de almacenamiento en el sistema de fondo del CMS. Debido a que los desarrolladores no filtran los par\u00e1metros enviados por el formulario de entrada del usuario, cualquier usuario con permiso de fondo puede afectar a la seguridad del sistema introduciendo c\u00f3digo malicioso"}], "lastModified": "2024-11-21T06:33:37.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jflyfox:jfinal_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EF2DC8E-81C2-4E53-A709-EC9490E00A3F", "versionStartIncluding": "5.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}