返回 CVE 浏览器

CVE-2021-3340

MEDIUM

6.1

CVSS Severity Score

EPSS Score0.1300%

EPSS Percentile7.90th

Published2021年2月1日

Last Modified2024年11月21日

Vulnerability Description

A cross-site scripting (XSS) vulnerability in many forms of Wikindx before 5.7.0 and 6.x through 6.4.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php?action=initLogon or modules/admin/DELETEIMAGES.php.

Affected Platforms (CPE)

📦

Wikindx Project

Wikindx

< 5.7.0

📦

Wikindx Project

Wikindx

>= 6.0.0 and <= 6.4.0

References & Advisories

🔗 https://sourceforge.net/p/wikindx/news/2021/01/wikindx-v641-released/

🔗 https://sourceforge.net/projects/wikindx/

🔗 https://sourceforge.net/p/wikindx/news/2021/01/wikindx-v641-released/

🔗 https://sourceforge.net/projects/wikindx/

相关漏洞威胁

CVE-2007-327710.0

Unspecified vulnerability in the localization before 1.2 module for WIKINDX allows attackers to access certain administrative capa...

CVE-2019-99616.1

A cross-site scripting (XSS) vulnerability in ressource view in core/modules/resource/RESOURCEVIEW.php in Wikindx prior to version...

CVE-2019-129306.1

A cross-site scripting (XSS) vulnerability in noMenu() and noSubMenu() in core/navigation/MENU.php in WIKINDX prior to version 5.8...

CVE-2019-135886.1

A cross-site scripting (XSS) vulnerability in getPagingStart() in core/lists/PAGING.php in WIKINDX before 5.8.2 allows remote atta...