PT-2023-12407 · Shannah · Xataface
Shannah · Published 2023-01-05 · Updated 2024-05-17 · CVE-2021-4303
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
shannah Xataface versions up to 2.x
Description
A problematic issue has been found in the function testftp of the file install/install_form.js.php of the component Installer, leading to cross-site scripting. The attack may be launched remotely, with a rather high complexity and difficult exploitation. Upgrading to version 3.0.0 can address this issue.
Recommendations
For shannah Xataface versions up to 2.x, upgrade to version 3.0.0 to address the issue. As a temporary workaround, consider disabling the testftp function of the Installer component until the upgrade is applied. Note that the Installer is disabled by default.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Xataface