gnuboard youngcart5 up to 5.4.5.1 adm/menu_list_update.php me_link cross site scripting

A vulnerability classified as problematic has been found in gnuboard youngcart5 up to 5.4.5.1. Affected is an unknown function of the file adm/menu_list_update.php. Manipulating the argument me_link leads to cross site scripting. The weakness is classified as CWE-79. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

The weakness was shared 12/28/2022 as 70daa537adfa47b87af12d85f1e698fff01785ff. The advisory is available at github.com. This vulnerability is tracked as CVE-2021-4293. It is possible to launch the attack remotely. Technical details are available. There is no exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1059.007 by the MITRE ATT&CK project. It is declared as not defined. As 0-day the estimated underground price was around $0-$5k.

Upgrading to version 5.4.5.2 addresses this issue. The updated version is ready for download at github.com. The patch is identified as 70daa537adfa47b87af12d85f1e698fff01785ff. The bugfix is ready for download at github.com. It is recommended to upgrade the affected component. A possible mitigation was published before, not after, the disclosure of the vulnerability.

| Field | 01/25/2023 14:59 | 01/25/2023 15:04 | 01/25/2023 15:05 |
|---|---|---|---|
| vendor | gnuboard | gnuboard | gnuboard |
| name | youngcart5 | youngcart5 | youngcart5 |
| version | <=5.4.5.1 | <=5.4.5.1 | <=5.4.5.1 |
| file | adm/menu_list_update.php | adm/menu_list_update.php | adm/menu_list_update.php |
| argument | me_link | me_link | me_link |
| cwe | 79 (cross site scripting) | 79 (cross site scripting) | 79 (cross site scripting) |
| risk | 1 | 1 | 1 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_ui | R | R | R |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | N | N | N |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| identifier | 70daa537adfa47b87af12d85f1e698fff01785ff | 70daa537adfa47b87af12d85f1e698fff01785ff | 70daa537adfa47b87af12d85f1e698fff01785ff |
| url | https://github.com/gnuboard/youngcart5/commit/70daa537adfa47b87af12d85f1e698fff01785ff | https://github.com/gnuboard/youngcart5/commit/70daa537adfa47b87af12d85f1e698fff01785ff | https://github.com/gnuboard/youngcart5/commit/70daa537adfa47b87af12d85f1e698fff01785ff |
| name | Upgrade | Upgrade | Upgrade |
| upgrade_version | 5.4.5.2 | 5.4.5.2 | 5.4.5.2 |
| upgrade_url | https://github.com/gnuboard/youngcart5/releases/tag/5.4.5.2 | https://github.com/gnuboard/youngcart5/releases/tag/5.4.5.2 | https://github.com/gnuboard/youngcart5/releases/tag/5.4.5.2 |
| patch_name | 70daa537adfa47b87af12d85f1e698fff01785ff | 70daa537adfa47b87af12d85f1e698fff01785ff | 70daa537adfa47b87af12d85f1e698fff01785ff |
| patch_url | https://github.com/gnuboard/youngcart5/commit/70daa537adfa47b87af12d85f1e698fff01785ff | https://github.com/gnuboard/youngcart5/commit/70daa537adfa47b87af12d85f1e698fff01785ff | https://github.com/gnuboard/youngcart5/commit/70daa537adfa47b87af12d85f1e698fff01785ff |
| cve | CVE-2021-4293 | CVE-2021-4293 | CVE-2021-4293 |
| responsible | VulDB | VulDB | VulDB |
| eol | 1 | 1 | 1 |
| date | 1672182000 (12/28/2022) | 1672182000 (12/28/2022) | 1672182000 (12/28/2022) |
| type | Forum Software | Forum Software | Forum Software |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | N | N | N |
| cvss2_vuldb_rc | C | C | C |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_e | ND | ND | ND |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 4.0 | 4.0 | 4.0 |
| cvss2_vuldb_tempscore | 3.5 | 3.5 | 3.5 |
| cvss3_vuldb_basescore | 3.5 | 3.5 | 3.5 |
| cvss3_vuldb_tempscore | 3.4 | 3.4 | 3.4 |
| cvss3_meta_basescore | 3.5 | 4.4 | 4.4 |
| cvss3_meta_tempscore | 3.4 | 4.3 | 4.3 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve_assigned | 1672182000 (12/28/2022) | 1672182000 (12/28/2022) | 1672182000 (12/28/2022) |
| cve_nvd_summary | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in gnuboard youngcart5 up to 5.4.5.1. Affected is an unknown function of the file adm/menu_list_update.php. The manipulation of the argument me_link leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 5.4.5.2 is able to address this issue. The name of the patch is 70daa537adfa47b87af12d85f1e698fff01785ff. It is recommended to upgrade the affected component. VDB-216954 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in gnuboard youngcart5 up to 5.4.5.1. Affected is an unknown function of the file adm/menu_list_update.php. The manipulation of the argument me_link leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 5.4.5.2 is able to address this issue. The name of the patch is 70daa537adfa47b87af12d85f1e698fff01785ff. It is recommended to upgrade the affected component. VDB-216954 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in gnuboard youngcart5 up to 5.4.5.1. Affected is an unknown function of the file adm/menu_list_update.php. The manipulation of the argument me_link leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 5.4.5.2 is able to address this issue. The name of the patch is 70daa537adfa47b87af12d85f1e698fff01785ff. It is recommended to upgrade the affected component. VDB-216954 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| cvss3_nvd_av | | N | N |
| cvss3_nvd_ac | | L | L |
| cvss3_nvd_pr | | N | N |
| cvss3_nvd_ui | | R | R |
| cvss3_nvd_s | | C | C |
| cvss3_nvd_c | | L | L |
| cvss3_nvd_i | | L | L |
| cvss3_nvd_a | | N | N |
| cvss3_cna_av | | N | N |
| cvss3_cna_ac | | L | L |
| cvss3_cna_pr | | L | L |
| cvss3_cna_ui | | R | R |
| cvss3_cna_s | | U | U |
| cvss3_cna_c | | N | N |
| cvss3_cna_i | | L | L |
| cvss3_cna_a | | N | N |
| cve_cna | | VulDB | VulDB |
| cvss3_nvd_basescore | | 6.1 | 6.1 |
| cvss3_cna_basescore | | 3.5 | 3.5 |
