Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET{C('VAR_JSONP_HANDLER')] then there is a XSS vulnerability.
References
Link | Resource |
---|---|
https://github.com/happyliu2014/Workerman-ThinkPHP-Redis/issues/1 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-11-29T12:25:33
Updated: 2021-12-01T11:46:28
Reserved: 2021-11-15T00:00:00
Link: CVE-2021-43697
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-11-29T13:15:07.447
Modified: 2021-12-10T02:54:33.823
Link: CVE-2021-43697
JSON object: View
Redhat Information
No data.
CWE