CVE-2021-43810

{"id": "CVE-2021-43810", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-12-07T22:15:06.997", "references": [{"url": "https://github.com/Admidio/admidio/commit/c043267d362f7813543cc2785119bf3e3e54fe21", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Admidio/admidio/commit/fcb0609abc1d2f65bc1377866bd678e5d891404b", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Admidio/admidio/releases/tag/v4.0.12", "tags": ["Patch", "Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Admidio/admidio/security/advisories/GHSA-3qgf-qgc3-42hh", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts. This issue is patched in version 4.0.12."}, {"lang": "es", "value": "Admidio es un sistema gratuito de administraci\u00f3n de usuarios de c\u00f3digo abierto para sitios web de organizaciones y grupos. Se presenta una vulnerabilidad de tipo cross-site scripting en Admidio versiones anteriores a 4.0.12. La vulnerabilidad de tipo XSS reflejada se produce porque el archivo redirect.php no comprueba correctamente el valor del par\u00e1metro url. Mediante esta vulnerabilidad, un atacante es capaz de ejecutar scripts maliciosos. Este problema est\u00e1 parcheado en la versi\u00f3n 4.0.12"}], "lastModified": "2021-12-09T19:44:54.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49D9EA34-4C02-4E67-866C-144321A50907", "versionEndExcluding": "4.0.12"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}