CVE-2021-31711

Date: May 8, 2023

Cross Site Scripting vulnerability found in Trippo ResponsiveFilemanager v.9.14.0 and before allows a remote attacker to execute arbitrary code via the sort_by parameter in the dialog.php file.

Language: PHP

Severity Score

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version:
vamcart/vamcart - 2.56.1;
vamcart/vamcart - 2.4.5;
vamcart/vamcart - 2.31;
despark/html-template-curator - no_fix;
despark/html-template-curator - v.1.0;
fznoviar/responsivefilemanager - 9.9.4;
fznoviar/responsivefilemanager - no_fix;
fznoviar/responsivefilemanager - v9.10.1;
melisplatform/melis-core - v4.0.18;
melisplatform/melis-core - dev-update/change-composer-version;
melisplatform/melis-core - dev-feature/update-dashboard-plugin;
melisplatform/melis-core - v3.2.0;
melisplatform/melis-core - v4.0.15;
melisplatform/melis-core - v3.1.2;
melisplatform/melis-core - no_fix;
melisplatform/melis-core - v4.0.8;
melisplatform/melis-core - dev-fix/bo-lang-icon-column;
melisplatform/melis-core - v4.1.1;
melisplatform/melis-core - dev-fix/gdpr-email-conf-smtp;
melisplatform/melis-core - dev-feature/update-tinymce-5.10.0;
melisplatform/melis-core - dev-php-7.0;
melisplatform/melis-core - dev-fix/reset-password-link;
melisplatform/melis-core - v2.1;
melisplatform/melis-core - dev-fix/log-error-500;
melisplatform/melis-core - dev-update/php-8-upgrade;
melisplatform/melis-core - v3.0.0;
ahyadessam/laravel-adminlte - 1.1.4;
zafranf/zetthcore - v0.1.0;
zafranf/zetthcore - dev-L6;
zafranf/zetthcore - v0.1.9;
despark/igni-core - no_fix;
thelia/tinymce-module - 2.4.0-apha1;
thelia/tinymce-module - 1.0;
thelia/tinymce-module - 2.5.0-alpha1;
seguce92/filemanager - v1.3.6;
crabstudio/app - dev-master-license-removal;
crabstudio/app - dev-revert-244-jsonview-serialization;
lekoala/silverstripe-form-extras - 1.0.0;
lekoala/silverstripe-form-extras - 1.2.13;
amirkoklan/responsivefilemanager - no_fix;
amirkoklan/responsivefilemanager - 9.9.4;
amirkoklan/responsivefilemanager - v9.10.1;
dimaninc/di_core - no_fix;
dimaninc/di_core - 0.2.0;
thelia/thelia - 2.5.0-alpha1;
thelia/thelia - dev-modern-bo;
therealworld/rte-module - dev-oxid61;
therealworld/rte-module - v1.7.0;
imagecms/imagecms - v4.9;
imagecms/imagecms - v1.0.5;
shurupov/qengine - no_fix;
sovanet/eshop - no_fix;
panix/wgt-tinymce - no_fix;
ronappleton/radmin-tinymce - no_fix;
laravelcity/laravel-filemanager - no_fix;
deimon/sandbox-project - 1.0.2;
fed/mce - no_fix;
rokorolov/parus-basic-app - no_fix;
brucecms/pages - no_fix;
despark/ignicms - no_fix

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE
