CyberSec.Space Logo
Back to CVE Browser

CVE-2021-3340

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.1300%
EPSS Percentile7.90th
PublishedFeb 1, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

A cross-site scripting (XSS) vulnerability in many forms of Wikindx before 5.7.0 and 6.x through 6.4.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php?action=initLogon or modules/admin/DELETEIMAGES.php.

Affected Platforms (CPE)

πŸ“¦
Wikindx Project

Wikindx

< 5.7.0
πŸ“¦
Wikindx Project

Wikindx

>= 6.0.0 and <= 6.4.0

References & Advisories

πŸ”— https://sourceforge.net/p/wikindx/news/2021/01/wikindx-v641-released/
πŸ”— https://sourceforge.net/projects/wikindx/
πŸ”— https://sourceforge.net/p/wikindx/news/2021/01/wikindx-v641-released/
πŸ”— https://sourceforge.net/projects/wikindx/

Related Vulnerabilities

CVE-2007-327710.0

Unspecified vulnerability in the localization before 1.2 module for WIKINDX allows attackers to access certain administrative capa...

CVE-2019-99616.1

A cross-site scripting (XSS) vulnerability in ressource view in core/modules/resource/RESOURCEVIEW.php in Wikindx prior to version...

CVE-2019-129306.1

A cross-site scripting (XSS) vulnerability in noMenu() and noSubMenu() in core/navigation/MENU.php in WIKINDX prior to version 5.8...

CVE-2019-135886.1

A cross-site scripting (XSS) vulnerability in getPagingStart() in core/lists/PAGING.php in WIKINDX before 5.8.2 allows remote atta...