CVE-2021-43810
HIGH NUCLEIadmidio < 4.0.12 - Reflected Cross-Site Scripting via redirect.php URL Parameter
Title source: llmExploitation Summary
CVE-2021-43810 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts. This issue is patched in version 4.0.12.
Nuclei Templates (1)
Admidio - Cross-Site Scripting
MEDIUMby gy741
References (4)
Core 4
Core References
Third Party Advisory x_refsource_confirm
https://github.com/Admidio/admidio/security/advisories/GHSA-3qgf-qgc3-42hh
Patch, Third Party Advisory x_refsource_misc
https://github.com/Admidio/admidio/commit/c043267d362f7813543cc2785119bf3e3e54fe21
Patch, Third Party Advisory x_refsource_misc
https://github.com/Admidio/admidio/commit/fcb0609abc1d2f65bc1377866bd678e5d891404b
Patch, Release Notes, Third Party Advisory x_refsource_misc
https://github.com/Admidio/admidio/releases/tag/v4.0.12
Scores
CVSS v3
8.8
EPSS
0.0578
EPSS Percentile
92.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-79
Status
published
Products (1)
admidio/admidio
< 4.0.12
Published
Dec 07, 2021
Tracked Since
Feb 18, 2026