Cross Site Scripting Vulnerability in VICIdial by VICIdial Group
CVE-2021-35377
6.1MEDIUM
What is CVE-2021-35377?
A Cross Site Scripting (XSS) vulnerability has been identified in VICIdial, specifically affecting versions v2.14-610c and v2.10-415c. This vulnerability allows attackers to inject arbitrary code into the application by manipulating parameters in specific files, including /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php. Exploitation of this vulnerability could lead to unauthorized access and control over user sessions, posing a significant risk to data integrity and security.