MEDIUM✓ PATCH🇬🇧 English

CVE-2021-3834

CVSS 5.4v3.1pub. 2021-10-07upd. 2024-11-21

Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS).

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
  • Artica Integria Ims

    APP
    Artica
    5.0.92
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2021-3832CRITICAL9.8ten sam produkt

Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An ...

CVE-2021-3833CRITICAL9.8ten sam produkt

Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by th...

CVE-2019-15091CRITICAL9.8ten sam produkt

filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arb...

CVE-2018-1000812HIGH8.1ten sam produkt

Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Rec...

CVE-2018-19829MEDIUM6.5ten sam produkt

Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an ...

CVE-2021-3834 — MEDIUM 5.4 | CVEbaza.pl