Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php parameters.
References
Link | Resource |
---|---|
http://vicidial.com | Product |
https://www.vicidial.org/VICIDIALforum/viewtopic.php?f=2&t=41634 | Vendor Advisory |
http://vicidial.com | Product |
https://www.vicidial.org/VICIDIALforum/viewtopic.php?f=2&t=41634 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:12
Type | Values Removed | Values Added |
---|---|---|
References | () http://vicidial.com - Product | |
References | () https://www.vicidial.org/VICIDIALforum/viewtopic.php?f=2&t=41634 - Vendor Advisory |
13 Mar 2023, 18:46
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CPE | cpe:2.3:a:vicidial:vicidial:2.14-597c:191114-0949:*:*:*:*:*:* cpe:2.3:a:vicidial:vicidial:2.9-401c:140612-1626:*:*:*:*:*:* cpe:2.3:a:vicidial:vicidial:2.14-610c:200528-2239:*:*:*:*:*:* cpe:2.3:a:vicidial:vicidial:2.10-415c:140918-1606:*:*:*:*:*:* |
|
References | (MISC) http://vicidial.com - Product | |
References | (MISC) https://www.vicidial.org/VICIDIALforum/viewtopic.php?f=2&t=41634 - Vendor Advisory | |
CWE | CWE-79 |
07 Mar 2023, 13:54
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-06 20:15
Updated : 2024-11-21 06:12
NVD link : CVE-2021-35377
Mitre link : CVE-2021-35377
CVE.ORG link : CVE-2021-35377
JSON object : View
Products Affected
vicidial
- vicidial
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')