XSS Vulnerability in Lychee-v3 Versions by LycheeOrg
CVE-2021-43675

6.1 MEDIUM

Key Information:

Vendor

LycheeOrg

Status
Vendor
CVE Published:
15 December 2021

What is CVE-2021-43675?

Lychee-v3 version 3.2.16 is susceptible to a Cross-Site Scripting (XSS) vulnerability in the php/Access/Guest.php file. The application improperly handles user-controlled album IDs, allowing attackers to inject malicious scripts. When the script terminates through the exit function, the message displayed to the user may contain the manipulated album ID. This lets attackers execute arbitrary scripts in the context of the user's browser, potentially compromising user data and session information. Immediate attention to this vulnerability is crucial for safeguarding user interactions.
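
The pattern described above, shown as an added PHP illustration that is not Lychee's own code: an exit() message that echoes the album ID verbatim, next to a hardened form. The function names, the message text, and the album ID format are assumptions made for the example.

```php
<?php
// Illustrative sketch only, not Lychee's source. $albumID stands in for the
// user-controlled album ID; function names and message text are hypothetical.

// Vulnerable pattern: exit() prints its string argument verbatim, so any
// markup in the album ID becomes part of the HTML response.
function buildMessageUnsafe(string $albumID): string
{
    return 'Error: album ' . $albumID . ' not found';
}

// Hardened pattern: reject IDs that do not match the expected format, and
// HTML-encode whatever is still echoed back to the browser.
function buildMessageSafe(string $albumID): string
{
    // Assumption: album IDs are numeric, or short lowercase names.
    if (!preg_match('/\A(?:\d{1,20}|[a-z]{1,16})\z/', $albumID)) {
        return 'Error: invalid album ID';
    }
    $encoded = htmlspecialchars($albumID, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return 'Error: album ' . $encoded . ' not found';
}

// Constructed sample input: benign markup in place of a real album ID.
$albumID = '<b>42</b>';

// Defence in depth: serve the error as plain text so the browser does not
// interpret it as HTML even if an unencoded value slips through.
header('Content-Type: text/plain; charset=utf-8');
header('X-Content-Type-Options: nosniff');

// For comparison while testing, buildMessageUnsafe($albumID) returns the
// markup untouched; the hardened builder is what reaches exit().
exit(buildMessageSafe($albumID));
```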



CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
