Cross Site Scripting (XSS) vulnerability exists in index.html in AFI WebACMS through 2.1.0 via the the ID parameter.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/165684/WebACMS-2.1.0-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2022/Jan/41 | Exploit Mailing List Third Party Advisory |
https://blog.to.com/advisory-webacms-2-1-0-cross-site-scripting/ | Exploit Third Party Advisory |
https://www.afi-solutions.com/ | Vendor Advisory |
https://www.to.com | Not Applicable |
http://packetstormsecurity.com/files/165684/WebACMS-2.1.0-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2022/Jan/41 | Exploit Mailing List Third Party Advisory |
https://blog.to.com/advisory-webacms-2-1-0-cross-site-scripting/ | Exploit Third Party Advisory |
https://www.afi-solutions.com/ | Vendor Advisory |
https://www.to.com | Not Applicable |
Configurations
History
21 Nov 2024, 06:31
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/165684/WebACMS-2.1.0-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry | |
References | () http://seclists.org/fulldisclosure/2022/Jan/41 - Exploit, Mailing List, Third Party Advisory | |
References | () https://blog.to.com/advisory-webacms-2-1-0-cross-site-scripting/ - Exploit, Third Party Advisory | |
References | () https://www.afi-solutions.com/ - Vendor Advisory | |
References | () https://www.to.com - Not Applicable |
10 Feb 2022, 07:43
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/165684/WebACMS-2.1.0-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry |
25 Jan 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jan 2022, 15:30
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
CPE | cpe:2.3:a:afi-solutions:webacms:*:*:*:*:*:*:*:* | |
References | (MISC) https://blog.to.com/advisory-webacms-2-1-0-cross-site-scripting/ - Exploit, Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Jan/41 - Exploit, Mailing List, Third Party Advisory | |
References | (MISC) https://www.afi-solutions.com/ - Vendor Advisory | |
References | (MISC) https://www.to.com - Not Applicable | |
CWE | CWE-79 |
25 Jan 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Jan 2022, 17:53
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-20 17:15
Updated : 2024-11-21 06:31
NVD link : CVE-2021-44829
Mitre link : CVE-2021-44829
CVE.ORG link : CVE-2021-44829
JSON object : View
Products Affected
afi-solutions
- webacms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')