Webdetails CPF 9.5 XSS via baseUrl in DependenciesPackage (fixed in 9.5.0.0-81)
CVE-2021-4266 Published on December 21, 2022
Webdetails cpf DependenciesPackage.java cross site scripting
A vulnerability classified as problematic has been found in Webdetails cpf up to 9.5.0.0-80. It affects an unknown function in the file core/src/main/java/pt/webdetails/cpf/packager/DependenciesPackage.java. Manipulation of the argument baseUrl leads to cross-site scripting. The attack can be launched remotely. Upgrading to version 9.5.0.0-81 addresses this issue. The name of the patch is 3bff900d228e8cae3af256b447c5d15bdb03c174. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216468.
Vulnerability Analysis
CVE-2021-4266 is exploitable with network access, and requires user interaction and a small amount of user privileges. The attack complexity is considered low. An exploit of this vulnerability is considered to have no impact on confidentiality, integrity, or availability.
Weakness Type
Improper Neutralization
The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
Products Associated with CVE-2021-4266
Hitachi Community Plugin Framework
Affected Versions
Webdetails cpf Version 9.5.0.0-80 is affected by CVE-2021-4266
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.