Th3-822 Rapidleech classes/options/zip.php zip_go archive cross site scripting
A vulnerability classified as problematic has been found in Th3-822 Rapidleech. It affects the function zip_go of the file classes/options/zip.php. Manipulation of the argument archive leads to cross-site scripting. The CWE definition for the vulnerability is CWE-79. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The weakness was published on 01/13/2023 as 885a87ea4ee5e14fa95801eca255604fb2e138c6. The advisory can be read at github.com.
This vulnerability is uniquely identified as CVE-2021-4312. It is possible to initiate the attack remotely. Technical details are available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. The attack technique deployed by this issue is T1059.007 according to MITRE ATT&CK.
It is declared as not defined. We expect the 0-day to have been worth approximately $0-$5k.
The patch is named 885a87ea4ee5e14fa95801eca255604fb2e138c6. The bugfix is ready for download at github.com. It is recommended to apply the patch to fix this issue. A possible mitigation was published before, not after, the disclosure of the vulnerability.