CVE-2021-4251

A vulnerability classified as problematic was found in as. This vulnerability affects the function getFullURL of the file include.cdn.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 4acad1e3d2c34c017473ceea442fb3e3e078b2bd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216208.

CVSS v3 3.5 LOW

3.5^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/andrewsauder/as/commit/4acad1e3d2c34c017473ceea442fb3e3e078b2bd	Patch Third Party Advisory
https://vuldb.com/?id.216208	Third Party Advisory
https://github.com/andrewsauder/as/commit/4acad1e3d2c34c017473ceea442fb3e3e078b2bd	Patch Third Party Advisory
https://vuldb.com/?id.216208	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:as_project:as:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:37

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~6.1~~	v2 : unknown v3 : 3.5
References	~~() https://github.com/andrewsauder/as/commit/4acad1e3d2c34c017473ceea442fb3e3e078b2bd - Patch, Third Party Advisory~~	() https://github.com/andrewsauder/as/commit/4acad1e3d2c34c017473ceea442fb3e3e078b2bd - Patch, Third Party Advisory
References	~~() https://vuldb.com/?id.216208 - Third Party Advisory~~	() https://vuldb.com/?id.216208 - Third Party Advisory
Summary		(es) Una vulnerabilidad fue encontrada en as y clasificada como problemática. Esta vulnerabilidad afecta a la función getFullURL del archivo include.cdn.php. La manipulación conduce a Cross-Site Scripting. El ataque se puede iniciar de forma remota. El nombre del parche es 4acad1e3d2c34c017473ceea442fb3e3e078b2bd. Se recomienda aplicar un parche para solucionar este problema. El identificador de esta vulnerabilidad es VDB-216208.

Information

Published : 2022-12-18 22:15

Updated : 2024-11-21 06:37

NVD link : CVE-2021-4251

Mitre link : CVE-2021-4251

CVE.ORG link : CVE-2021-4251

JSON object : View

Products Affected

as_project

as

CWE

CWE-707

Improper Neutralization

{"id": "CVE-2021-4251", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2022-12-18T22:15:10.167", "references": [{"url": "https://github.com/andrewsauder/as/commit/4acad1e3d2c34c017473ceea442fb3e3e078b2bd", "tags": ["Patch", "Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.216208", "tags": ["Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://github.com/andrewsauder/as/commit/4acad1e3d2c34c017473ceea442fb3e3e078b2bd", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://vuldb.com/?id.216208", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-707"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in as. This vulnerability affects the function getFullURL of the file include.cdn.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 4acad1e3d2c34c017473ceea442fb3e3e078b2bd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216208."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en as y clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a la funci\u00f3n getFullURL del archivo include.cdn.php. La manipulaci\u00f3n conduce a Cross-Site Scripting. El ataque se puede iniciar de forma remota. El nombre del parche es 4acad1e3d2c34c017473ceea442fb3e3e078b2bd. Se recomienda aplicar un parche para solucionar este problema. El identificador de esta vulnerabilidad es VDB-216208."}], "lastModified": "2024-11-21T06:37:14.320", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:as_project:as:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F248945C-5520-4F03-9245-2DA75C60C18A", "versionEndExcluding": "2021-11-03"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}