CVE-2021-4266

CVSS V2 None CVSS V3 None
Description
A vulnerability classified as problematic has been found in Webdetails cpf up to 9.5.0.0-80. Affected is an unknown function of the file core/src/main/java/pt/webdetails/cpf/packager/DependenciesPackage.java. The manipulation of the argument baseUrl leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 9.5.0.0-81 is able to address this issue. The name of the patch is 3bff900d228e8cae3af256b447c5d15bdb03c174. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216468.
Overview
  • CVE ID
  • CVE-2021-4266
  • Assigner
  • cna@vuldb.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-21T19:15:12
  • Last Modified Date
  • 2022-12-28T18:50:53
Weakness Enumerations
CWE URL
CWE-79 http://cwe.mitre.org/data/definitions/79.html
CWE-707 http://cwe.mitre.org/data/definitions/707.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:hitachi:community_plugin_framework:*:*:*:*:*:*:*:* 1 OR 9.5.0.0-81
References
Reference URL Reference Tags
https://github.com/siwapp/siwapp-ror/pull/365
https://github.com/webdetails/cpf/commit/3bff900d228e8cae3af256b447c5d15bdb03c174
https://github.com/webdetails/cpf/releases/tag/9.5.0.0-81
https://vuldb.com/?id.216468
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2021-4266
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4266
History
Created Old Value New Value Data Type Notes
2022-12-21 20:16:16 Added to TrackCVE
2022-12-21 20:16:17 Weakness Enumeration new
2022-12-22 20:15:36 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2022-12-28 19:14:48 2022-12-28T18:50:53 CVE Modified Date updated
2022-12-28 19:14:48 Undergoing Analysis Analyzed Vulnerability Status updated
2022-12-28 19:14:52 Weakness Enumeration update
2022-12-28 19:14:53 CPE Information updated