Home > Vulnerability Database > CVE-2021-43810

Mend.io Vulnerability Database

CVE-2021-43810

Good to know:

Date: December 7, 2021

Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts. This issue is patched in version 4.0.12.

Language: PHP

Severity Score

8.8

Related Resources (6)

Url: https://github.com/Admidio/admidio/commit/fcb0609abc1d2f65bc1377866bd678e5d891404b

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-43810

Url: https://github.com/Admidio/admidio/releases/tag/v4.0.12

Url: https://github.com/Admidio/admidio/commit/c043267d362f7813543cc2785119bf3e3e54fe21

Url: https://github.com/Admidio/admidio/security/advisories/GHSA-3qgf-qgc3-42hh

Url: https://www.mend.io/vulnerability-database/CVE-2021-43810

Severity Score

8.8

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version v4.0.12

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-43810

Good to know:

Date: December 7, 2021

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?