ctrlo lenio views/contractor.tt contractor.name cross site scripting

A vulnerability was found in ctrlo lenio and classified as problematic. Affected by this issue is some unknown functionality of the file views/contractor.tt. Manipulation of the argument contractor.name leads to cross site scripting. The weakness is classified as CWE-79 (cross site scripting). The weakness was disclosed on 12/18/2022 as e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97. The advisory is available for download at github.com. This vulnerability is tracked as CVE-2021-4255. The attack may be launched remotely. Technical details are available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment. The MITRE ATT&CK project classifies the attack technique as T1059.007. The exploitability is declared as not defined. As a 0-day the estimated underground price was around $0-$5k. The name of the patch is e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97. The bugfix is available for download at github.com. It is recommended to apply the patch to fix this issue. A possible mitigation was published before, not after, the disclosure of the vulnerability.

2 Changes · 43 Data Points

Field | Created (12/18/2022 22:58) | Update 1/1 (01/15/2023 10:00)
software_vendor | ctrlo | ctrlo
software_name | lenio | lenio
software_file | views/contractor.tt | views/contractor.tt
software_argument | contractor.name | contractor.name
vulnerability_cwe | CWE-79 (cross site scripting) | CWE-79 (cross site scripting)
vulnerability_risk | 1 | 1
cvss3_vuldb_av | N | N
cvss3_vuldb_ac | L | L
cvss3_vuldb_ui | R | R
cvss3_vuldb_s | U | U
cvss3_vuldb_c | N | N
cvss3_vuldb_i | L | L
cvss3_vuldb_a | N | N
cvss3_vuldb_rl | O | O
cvss3_vuldb_rc | C | C
advisory_identifier | e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97 | e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97
advisory_url | https://github.com/ctrlo/lenio/commit/e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97 | https://github.com/ctrlo/lenio/commit/e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97
countermeasure_name | Patch | Patch
patch_name | e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97 | e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97
countermeasure_patch_url | https://github.com/ctrlo/lenio/commit/e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97 | https://github.com/ctrlo/lenio/commit/e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97
source_cve | CVE-2021-4255 | CVE-2021-4255
cna_responsible | VulDB | VulDB
advisory_date | 1671318000 (12/18/2022) | 1671318000 (12/18/2022)
cvss2_vuldb_av | N | N
cvss2_vuldb_ac | L | L
cvss2_vuldb_ci | N | N
cvss2_vuldb_ii | P | P
cvss2_vuldb_ai | N | N
cvss2_vuldb_rc | C | C
cvss2_vuldb_rl | OF | OF
cvss2_vuldb_au | S | S
cvss2_vuldb_e | ND | ND
cvss3_vuldb_pr | L | L
cvss3_vuldb_e | X | X
cvss2_vuldb_basescore | 4.0 | 4.0
cvss2_vuldb_tempscore | 3.5 | 3.5
cvss3_vuldb_basescore | 3.5 | 3.5
cvss3_vuldb_tempscore | 3.4 | 3.4
cvss3_meta_basescore | 3.5 | 3.5
cvss3_meta_tempscore | 3.4 | 3.4
price_0day | $0-$5k | $0-$5k
cve_assigned | 1671318000 (12/18/2022) | 
cve_nvd_summary | A vulnerability was found in ctrlo lenio and classified as problematic. Affected by this issue is some unknown functionality of the file views/contractor.tt. The manipulation of the argument contractor.name leads to cross site scripting. The attack may be launched remotely. The name of the patch is e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216212. | 
