CVE-2021-4303 - OpenCVE

A vulnerability, which was classified as problematic, has been found in shannah Xataface up to 2.x. Affected by this issue is the function testftp of the file install/install_form.js.php of the component Installer. The manipulation leads to cross site scripting. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 3.0.0 is able to address this issue. The patch is identified as 94143a4299e386f33bf582139cd4702571d93bde. It is recommended to upgrade the affected component. VDB-217442 is the identifier assigned to this vulnerability. NOTE: Installer is disabled by default.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity High

Authentication Multiple

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:M/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Xataface Project	Xataface

Configuration 1 [-]

cpe:2.3:a:xataface_project:xataface:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/shannah/xataface/commit/94143a4299e386f33bf582139cd4702571d93bde	Patch Third Party Advisory
https://github.com/shannah/xataface/releases/tag/3.0.0	Third Party Advisory
https://vuldb.com/?ctiid.217442	Permissions Required Third Party Advisory
https://vuldb.com/?id.217442	Permissions Required Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2023-01-05T08:44:52.943Z

Updated: 2023-10-20T13:37:05.982Z

Reserved: 2023-01-05T08:43:33.621Z

Link: CVE-2021-4303

JSON object: View

NVD Information

Status : Modified

Published: 2023-01-05T09:15:08.647

Modified: 2024-05-17T02:03:33.790

Link: CVE-2021-4303

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2021-4303", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-01-05T08:43:33.621Z", "datePublished": "2023-01-05T08:44:52.943Z", "dateUpdated": "2023-10-20T13:37:05.982Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-20T13:37:05.982Z"}, "title": "shannah Xataface Installer install_form.js.php testftp cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Cross Site Scripting"}]}], "affected": [{"vendor": "shannah", "product": "Xataface", "versions": [{"version": "2.x", "status": "affected"}], "modules": ["Installer"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in shannah Xataface up to 2.x. Affected by this issue is the function testftp of the file install/install_form.js.php of the component Installer. The manipulation leads to cross site scripting. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 3.0.0 is able to address this issue. The patch is identified as 94143a4299e386f33bf582139cd4702571d93bde. It is recommended to upgrade the affected component. VDB-217442 is the identifier assigned to this vulnerability. NOTE: Installer is disabled by default."}, {"lang": "de", "value": "Eine problematische Schwachstelle wurde in shannah Xataface bis 2.x entdeckt. Dies betrifft die Funktion testftp der Datei install/install_form.js.php der Komponente Installer. Mittels dem Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Ein Aktualisieren auf die Version 3.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 94143a4299e386f33bf582139cd4702571d93bde bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 2, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:N/AC:H/Au:M/C:N/I:P/A:N"}}], "timeline": [{"time": "2023-01-05T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-01-05T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-01-05T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-01-28T14:43:43.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "VulDB GitHub Commit Analyzer", "type": "tool"}], "references": [{"url": "https://vuldb.com/?id.217442", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.217442", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/shannah/xataface/commit/94143a4299e386f33bf582139cd4702571d93bde", "tags": ["patch"]}, {"url": "https://github.com/shannah/xataface/releases/tag/3.0.0", "tags": ["patch"]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xataface_project:xataface:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FDDAE35-CCE9-495D-BF9E-AEF85E89B89F", "versionEndExcluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in shannah Xataface up to 2.x. Affected by this issue is the function testftp of the file install/install_form.js.php of the component Installer. The manipulation leads to cross site scripting. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 3.0.0 is able to address this issue. The patch is identified as 94143a4299e386f33bf582139cd4702571d93bde. It is recommended to upgrade the affected component. VDB-217442 is the identifier assigned to this vulnerability. NOTE: Installer is disabled by default."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en shannah Xataface hasta 2.x y se ha clasificado como problem\u00e1tica. La funci\u00f3n testftp del archivo install/install_form.js.php del componente Installer es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a cross-site scripting. El ataque puede lanzarse de forma remota. La complejidad de un ataque es bastante alta. Se sabe que la explotaci\u00f3n es dif\u00edcil. La actualizaci\u00f3n a la versi\u00f3n 3.0.0 puede solucionar este problema. El parche se identifica como 94143a4299e386f33bf582139cd4702571d93bde. Se recomienda actualizar el componente afectado. VDB-217442 es el identificador asignado a esta vulnerabilidad. NOTA: El instalador est\u00e1 deshabilitado de forma predeterminada."}], "id": "CVE-2021-4303", "lastModified": "2024-05-17T02:03:33.790", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "NONE", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:M/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.2, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-01-05T09:15:08.647", "references": [{"source": "cna@vuldb.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/shannah/xataface/commit/94143a4299e386f33bf582139cd4702571d93bde"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://github.com/shannah/xataface/releases/tag/3.0.0"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.217442"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?id.217442"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cna@vuldb.com", "type": "Primary"}]}