Moole Vulnerability Database

Find real vulnerabilities before they ship

Medium

CVE-2021-40926

Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter.

VectorNETWORK

PublishedOct 01, 2021, 16:15

Published Bycve@mitre.org

Base Score

Score6.1

Affected Versions

Package (Ecosystem)IntroducedFixedLimit

james-heinrich/getid3(Packagist)1.0.01.9.21N/A

References

https://github.com/JamesHeinrich/getID3
https://github.com/JamesHeinrich/getID3/issues/341

Weakness Type

CWE-79

CVSS Metrics

Base Score

6.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Base SeverityMedium

Version

3.1

Attack Vector (AV)

NETWORK