CVE-2021-35377

Summary

CVE	CVE-2021-35377
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-03-06 20:15:00 UTC
Updated	2023-03-13 18:46:00 UTC
Description	Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php parameters.

Risk And Classification

Problem Types: CWE-79

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Vicidial	Vicidial	2.10-415c	140918-1606	All	All
Application	Vicidial	Vicidial	2.14-597c	191114-0949	All	All
Application	Vicidial	Vicidial	2.14-610c	200528-2239	All	All
Application	Vicidial	Vicidial	2.9-401c	140612-1626	All	All

References

Reference	Source	Link	Tags
vicidial.org • View topic - Vicidial svn 3454 (CVE-2021-35377) security notice from 2021	MISC	www.vicidial.org
VICIdial.com	MISC	vicidial.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.