CVE-2021-40238
Last modified
CVE-2021-40238 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. A Cross Site Scriptiong (XSS) vulnerability exists in the admin panel in Webuzo < 2.9.0 via an HTTP request to a non-existent page, which is activated by administrators viewing the "Error Log" page. An attacker can leverage this to achieve Unauthenticated Remote Code Execution via the "Cron Jobs" functionality of Webuzo.. EPSS estimates a 1.01% chance of exploitation in the next 30 days.
Description
A Cross Site Scriptiong (XSS) vulnerability exists in the admin panel in Webuzo < 2.9.0 via an HTTP request to a non-existent page, which is activated by administrators viewing the "Error Log" page. An attacker can leverage this to achieve Unauthenticated Remote Code Execution via the "Cron Jobs" functionality of Webuzo.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Webuzo | Webuzo | < 2.9.0 |
References
- https://gist.github.com/omriinbar/5a24ccc2127ac61b6d9872c9405ebc8eThird Party Advisory
- https://www.webuzo.com/blog/webuzo-2-9-0-launched/Release Notes, Vendor Advisory
- https://gist.github.com/omriinbar/5a24ccc2127ac61b6d9872c9405ebc8eThird Party Advisory
- https://www.webuzo.com/blog/webuzo-2-9-0-launched/Release Notes, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-40238?
How severe is CVE-2021-40238?
How do I fix CVE-2021-40238?
Are you affected by CVE-2021-40238?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST