CVE-2021-4302

Summary

A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. This affects an unknown part of the component SVG File Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.9.27 is able to address this issue. The patch is named b39db9c7ad3800f319195ff0e26a0981395b1c54. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217419.

Affected Software

VendorProductVersion RangeStatus
slackerophpwcms1.9.0affected
slackerophpwcms1.9.1affected
slackerophpwcms1.9.2affected
slackerophpwcms1.9.3affected
slackerophpwcms1.9.4affected
slackerophpwcms1.9.5affected
slackerophpwcms1.9.6affected
slackerophpwcms1.9.7affected
slackerophpwcms1.9.8affected
slackerophpwcms1.9.9affected
slackerophpwcms1.9.10affected
slackerophpwcms1.9.11affected
slackerophpwcms1.9.12affected
slackerophpwcms1.9.13affected
slackerophpwcms1.9.14affected
slackerophpwcms1.9.15affected
slackerophpwcms1.9.16affected
slackerophpwcms1.9.17affected
slackerophpwcms1.9.18affected
slackerophpwcms1.9.19affected
slackerophpwcms1.9.20affected
slackerophpwcms1.9.21affected
slackerophpwcms1.9.22affected
slackerophpwcms1.9.23affected
slackerophpwcms1.9.24affected
slackerophpwcms1.9.25affected
slackerophpwcms1.9.26affected

Weaknesses

  • CWE-79: CWE-79 Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References