Unrated severityNVD Advisory· Published Sep 15, 2021· Updated Aug 4, 2024
CVE-2021-40238
CVE-2021-40238
Description
A Cross Site Scriptiong (XSS) vulnerability exists in the admin panel in Webuzo < 2.9.0 via an HTTP request to a non-existent page, which is activated by administrators viewing the "Error Log" page. An attacker can leverage this to achieve Unauthenticated Remote Code Execution via the "Cron Jobs" functionality of Webuzo.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Webuzo/Webuzodescription
- Range: <2.9.0
Patches
Vulnerability mechanics
References
2- gist.github.com/omriinbar/5a24ccc2127ac61b6d9872c9405ebc8emitrex_refsource_MISC
- www.webuzo.com/blog/webuzo-2-9-0-launched/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.