CVE-2021-44911 — MEDIUM (5.4)

Q: How severe is CVE-2021-44911?

CVE-2021-44911 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-44911?

Check the references section above for vendor advisories and patch information. Affected products include: Xpressengine Xpressengine.

Vulnerability Description

XE before 1.11.6 is vulnerable to Unrestricted file upload via modules/menu/menu.admin.controller.php. When uploading the Mouse over button and When selected button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Xpressengine	Xpressengine	< 1.11.6

Related Weaknesses (CWE)

CWE-79

References

https://github.com/xpressengine/xe-core/issues/2434ExploitPatchThird Party Advisory
https://github.com/xpressengine/xe-core/issues/2434ExploitPatchThird Party Advisory

FAQ

What is CVE-2021-44911?

CVE-2021-44911 is a vulnerability with a CVSS score of 5.4 (MEDIUM). XE before 1.11.6 is vulnerable to Unrestricted file upload via modules/menu/menu.admin.controller.php. When uploading the Mouse over button and When selected button, there is no restriction on the fil...

How severe is CVE-2021-44911?

CVE-2021-44911 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-44911?

Check the references section above for vendor advisories and patch information. Affected products include: Xpressengine Xpressengine.