CVE-2021-25791

{"id": "CVE-2021-25791", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2021-07-23T18:15:08.193", "references": [{"url": "https://www.exploit-db.com/exploits/49396", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "https://www.sourcecodester.com", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/49396", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.sourcecodester.com", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple stored cross site scripting (XSS) vulnerabilities in the \"Update Profile\" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de cross site scripting (XSS) almacenadas en el m\u00f3dulo \"Update Profile\" de Online Doctor Appointment System versi\u00f3n 1.0, permiten a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de cargas \u00fatiles dise\u00f1adas en los campos de texto First Name, Last Name y Address"}], "lastModified": "2024-11-21T05:55:27.030", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:online_doctor_appointment_system_php_full_source_code_project:online_doctor_appointment_system_php_full_source_code:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C2CAB04-D447-44AD-873F-44CFD73CFB49"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}