Cross-site Scripting (XSS) when redirect an url
CVE-2021-43810

8.8HIGH

Key Information:

Vendor

Admidio

Status
Admidio
Vendor
CVE Published:
7 December 2021

What is CVE-2021-43810?

Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts. This issue is patched in version 4.0.12.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

admidio < 4.0.12

References

https://github.com/Admidio/admidio/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/Admidio/admidio/commit/c043267d362f781...
x_refsource_MISC
https://github.com/Admidio/admidio/commit/fcb0609abc1d2f6...
x_refsource_MISC

EPSS Score

62% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.