Security Advisory

CVE-2021-40238

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-09-15 16:19:57

Last updated 2024-08-04 02:27:31

Assigner mitre

State PUBLISHED

Description

A Cross Site Scriptiong (XSS) vulnerability exists in the admin panel in Webuzo < 2.9.0 via an HTTP request to a non-existent page, which is activated by administrators viewing the "Error Log" page. An attacker can leverage this to achieve Unauthenticated Remote Code Execution via the "Cron Jobs" functionality of Webuzo.

← Browse all CVEs View on cve.org ↗