PT-2022-12797 · Vicidial · Vicidial

Zeyad-Azima

Published

2022-02-15

Updated

2022-02-19

CVE-2021-46557

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Vicidial version 2.14-783a

Description A cross-site scripting (XSS) issue was found in Vicidial via the input tabs. This allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized access or control.

Recommendations For Vicidial version 2.14-783a, as a temporary workaround, consider restricting access to the input tabs until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-46557

Affected Products

Vicidial

PT-2022-12797 · Vicidial · Vicidial

CVE-2021-46557

Weakness Enumeration

Related Identifiers

Affected Products

References · 5