PT-2021-17387 · 4Images · 4Images

Published: 2021-03-22 · Updated: 2024-03-06 · CVE-2021-27308

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: 4images version 1.8

Description: A cross-site scripting (XSS) issue exists in the admin login panel, allowing remote attackers to inject JavaScript via the redirect parameter.

Recommendations: For 4images version 1.8, consider restricting access to the admin login panel until a fix is available, and avoid using the redirect parameter in the affected API endpoint.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BIT-RUM-2021-27308
CVE-2021-27308

Affected Products

4Images