CyberSec.Space Logo
Back to CVE Browser

CVE-2021-43810

HIGH
8.8
CVSS Severity Score
EPSS Score0.1530%
EPSS Percentile39.43th
PublishedDec 7, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts. This issue is patched in version 4.0.12.

Affected Platforms (CPE)

πŸ“¦
Admidio

Admidio

< 4.0.12

References & Advisories

πŸ”— https://github.com/Admidio/admidio/commit/c043267d362f7813543cc2785119bf3e3e54fe21
πŸ”— https://github.com/Admidio/admidio/commit/fcb0609abc1d2f65bc1377866bd678e5d891404b
πŸ”— https://github.com/Admidio/admidio/releases/tag/v4.0.12
πŸ”— https://github.com/Admidio/admidio/security/advisories/GHSA-3qgf-qgc3-42hh
πŸ”— https://github.com/Admidio/admidio/commit/c043267d362f7813543cc2785119bf3e3e54fe21
πŸ”— https://github.com/Admidio/admidio/commit/fcb0609abc1d2f65bc1377866bd678e5d891404b
πŸ”— https://github.com/Admidio/admidio/releases/tag/v4.0.12
πŸ”— https://github.com/Admidio/admidio/security/advisories/GHSA-3qgf-qgc3-42hh

Related Vulnerabilities

CVE-2021-326309.6

Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, t...

CVE-2020-110047.7

SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without ...

CVE-2017-64927.2

SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is co...

CVE-2018-253705.3

Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by...

CVE-2021-43810 Detail & Impact Analysis | CVSS 8.8 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space