PT-2022-11659 · Webdetails · Webdetails Cpf
Sonic182
·
Published
2022-12-21
·
Updated
2022-12-28
·
CVE-2021-4266
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Webdetails cpf versions up to 9.5.0.0-80
Description
A vulnerability has been found in Webdetails cpf, where the manipulation of the
baseUrl argument leads to cross-site scripting. This issue can be launched remotely.Recommendations
For versions up to 9.5.0.0-80, upgrade to version 9.5.0.0-81 to address this issue. As a temporary workaround, consider restricting the manipulation of the
baseUrl argument to minimize the risk of exploitation.Fix
XSS
Improper Neutralization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Webdetails Cpf