PT-2023-12159 · Unknown · Trippo Responsivefilemanager

Hackoclipse

Publicado

2023-05-09

Atualizado

2023-05-17

CVE-2021-31711

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Trippo ResponsiveFilemanager versions 9.14.0 and earlier

Description A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the sort by parameter in the "dialog.php" file. This enables the attacker to inject malicious scripts into the application.

Recommendations For Trippo ResponsiveFilemanager versions 9.14.0 and earlier, consider restricting access to the dialog.php file or disabling the sort by parameter to minimize the risk of exploitation until a fix is available.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2021-31711

Produtos afetados

Trippo Responsivefilemanager

PT-2023-12159 · Unknown · Trippo Responsivefilemanager

CVE-2021-31711

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4