WS-2023-0285 | Mend Vulnerability Database

Vulnerability DatabaseWS-2023-0285

WS-2023-0285

Published:May 15, 2026

Updated:May 15, 2026

Cross-site Scripting (XSS) - Reflected in GitHub repository admidio/admidio prior to 4.2.11.

Affected Packages

admidio/admidio (PHP):

Affected version(s) >=dev-improve-version-update <dev-integrate-mysqldump-php

Fix Suggestion:

Update to version dev-integrate-mysqldump-php

admidio/admidio (PHP):

Affected version(s) =dev-master <dev-move-libs-folder

Fix Suggestion:

Update to version dev-move-libs-folder

admidio/admidio (PHP):

Affected version(s) =dev-notification-email-with-link <dev-overview-plugins-html

Fix Suggestion:

Update to version dev-overview-plugins-html

admidio/admidio (PHP):

Affected version(s) =dev-improve-composer-integration <dev-improve-language-session-handling

Fix Suggestion:

Update to version dev-improve-language-session-handling

admidio/admidio (PHP):

Affected version(s) >=dev-documents-show-roles-with-rights <dev-feature-required-fields-at-registration

Fix Suggestion:

Update to version dev-feature-required-fields-at-registration

admidio/admidio (PHP):

Affected version(s) =dev-add-profile-field-linkedin <dev-convert-existing-modules

Fix Suggestion:

Update to version dev-convert-existing-modules

Related Resources (1)

https://github.com/admidio/admidio/commit/a9955bc1290e45311d2f89c4149f02c94b51644b

Do you need more information?

CVSS v4

Base Score:

5.1

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

PASSIVE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE