CVE-2021-25791

{"id": "CVE-2021-25791", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2021-07-23T18:15:08.193", "references": [{"url": "https://www.exploit-db.com/exploits/49396", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.sourcecodester.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple stored cross site scripting (XSS) vulnerabilities in the \"Update Profile\" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de cross site scripting (XSS) almacenadas en el m\u00f3dulo \"Update Profile\" de Online Doctor Appointment System versi\u00f3n 1.0, permiten a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de cargas \u00fatiles dise\u00f1adas en los campos de texto First Name, Last Name y Address"}], "lastModified": "2021-08-03T18:29:55.630", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:online_doctor_appointment_system_php_full_source_code_project:online_doctor_appointment_system_php_full_source_code:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C2CAB04-D447-44AD-873F-44CFD73CFB49"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}