Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-4266

A vulnerability classified as problematic has been found in Webdetails cpf up to 9.5.0.0-80. Affected is an unknown function of the file core/src/main/java/pt/webdetails/cpf/packager/DependenciesPackage.java. The manipulation of the argument baseUrl leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 9.5.0.0-81 is able to address this issue. The name of the patch is 3bff900d228e8cae3af256b447c5d15bdb03c174. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216468.

Published

2022-12-21T19:15:12.803

Last Modified

2024-11-21T06:37:16.363

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.5 (LOW)

Weaknesses

Type: Secondary
CWE-707
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hitachi	community_plugin_framework	< 9.5.0.0-81	Yes

References

https://github.com/siwapp/siwapp-ror/pull/365 Not Applicable ([email protected])
https://github.com/webdetails/cpf/commit/3bff900d228e8cae3af256b447c5d15bdb03c174 Patch, Third Party Advisory ([email protected])
https://github.com/webdetails/cpf/releases/tag/9.5.0.0-81 Release Notes, Third Party Advisory ([email protected])
https://vuldb.com/?id.216468 Third Party Advisory, VDB Entry ([email protected])
https://github.com/siwapp/siwapp-ror/pull/365 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/webdetails/cpf/commit/3bff900d228e8cae3af256b447c5d15bdb03c174 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/webdetails/cpf/releases/tag/9.5.0.0-81 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://vuldb.com/?id.216468 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)