CVE-2021-40925

Good to know:

Date: October 1, 2021

Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php in faveo-helpdesk v1.11.0 and below allows remote attackers to inject arbitrary web script or HTML via the $_SERVER["PHP_SELF"] parameter.

Note on the root cause: $_SERVER["PHP_SELF"] is not a request parameter in the usual sense. PHP derives it from the request path, including any PATH_INFO the client appends after the script name, so a page that echoes it without HTML-escaping reflects attacker-chosen content taken straight from the URL. The affected file is the demo page shipped with the dompdf library (www/demo.php), which faveo-helpdesk bundles as a dependency; the issue is reachable only where that directory is served by the web server.

Language: PHP

Severity Score: 6.1 (Medium), from the CVSS v3.1 vector below

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

icon

Upgrade Version

Upgrade to one of the following package versions (Composer package - fixed version; "no_fix" marks packages for which the database lists no fixed version):

pessoaweb/pdf - 1.1.0
febrianrz/crudbooster - 5.2.x-dev
febrianrz/crudbooster - v2.1.3
bueno-networks/dompdf - v0.6.2
nakamuraagatha/crudder - v2.1.3
nakamuraagatha/crudder - 5.2.x-dev
christopherney/crudbooster - 5.2.x-dev
christopherney/crudbooster - v2.1.3
hoffmann-andras/dompdf - v0.7.0-beta
priana/crudbooster - 5.2.x-dev
priana/crudbooster - v2.1.3
vanwhebin/dompdf - v0.6.2
dkapusta/dompdf - v0.7.0-beta
aha/dompdf - v0.7.0-beta
netiul/dompdf-module - dev-improve-github-actions
netiul/dompdf-module - v0.3.0
saptarshimondal/crudbooster - v2.1.3
saptarshimondal/crudbooster - 5.2.x-dev
digsolab/dompdf - no_fix
digsolab/dompdf - v0.5.2
versatecnologia/dompdf-module - dev-master
versatecnologia/dompdf-module - v0.3.0
tango/tango - v1.x-dev
nmalo/dompdf-bundle - no_fix
crocodicstudio/crudbooster - 5.2.x-dev
crocodicstudio/crudbooster - v2.1.3
bellcom/os2subsites - no_fix
sfneal/dompdf - v0.7.0-beta
speedovation/laravelmart - dev-Laravel5
speedovation/laravelmart - 0.2
tomsmile/crudbooster - v2.1.3
tomsmile/crudbooster - 5.2.x-dev
odaiatef/crudbooster - 5.2.x-dev
odaiatef/crudbooster - v2.1.3
nahansans/crudbooster - v2.1.14
nahansans/crudbooster - 5.2.x-dev
nahansans/crudbooster - v2.1.10
nahansans/crudbooster - v2.1.6
nahansans/crudbooster - v2.1.3
tjs-technology/fuelpdf - no_fix
practo/dompdf - no_fix
lucien-correia/one-signal - dev-master
lucien-correia/one-signal - no_fix
bariew/dompdf - no_fix
serdarozturk/dompdf - v0.7.0-beta
doo-vjdev/dompdf - master@stable
doo-vjdev/dompdf - no_fix
brainbox/shared - no_fix
chillzy/dompdf - v0.6.2
myhayo/dompdf - v0.7.0-beta
innomatic-libs/dompdf - no_fix
cigarrita-worker/cigarrita-api - no_fix
monkeytie/dompdf - v0.7.0-beta
monkeytie/dompdf - dev-0.6.2-hotfix
santhoshjanan/crudbooster - 5.2.x-dev
santhoshjanan/crudbooster - v2.1.3
ashwinrana/crudbooster - 5.2.x-dev
ashwinrana/crudbooster - v2.1.3
slik/dompdf-bundle - no_fix
bizprove/dompdf - v0.7.0-beta
sendaxe/senda-gnre - no_fix
sendaxe/senda-gnre - v1.0.0
nimesh143/crudbooster - v2.1.3
nimesh143/crudbooster - 5.2.x-dev
narutovn/dompdf - v0.7.0-beta
abenzakour/crudbooster - v2.1.3
abenzakour/crudbooster - 5.2.x-dev
flamingosrules/dompdf - v0.6.2
brunodebarros/dompdf - v0.7.0-beta
zaxx44a/crudbooster - v2.1.11
zaxx44a/crudbooster - 5.2.x-dev
zaxx44a/crudbooster - v2.1.3
baklysystems/dompdf - v0.6.2
micdavino/crudbooster - v2.1.3
whytobe/crudbooster - v2.1.3
whytobe/crudbooster - 5.2.x-dev
brendomorassi/crudbooster - v2.1.3
brendomorassi/crudbooster - 5.2.x-dev
ewebcms/ewebcms - v1.0
mezhenko/dompdf - v0.6.2
amr.hosney/dompdf - v0.7.0-beta
dino/dompdf-module - v0.3.0
dino/dompdf-module - dev-master
intelogie/dompdf - v0.7.0-beta
tekintian/dompdf - v0.7.0-beta
strangetin/dompdf - v0.7.0-beta
dompdf/dompdf - v0.7.0-beta
psh24053/crudbooster - 5.2.x-dev
psh24053/crudbooster - v2.1.3
xzy/dompdf - v0.7.0-beta
blacksmurf/symfony2-core-bundle - no_fix
kgcoder/ar-dompdf - v0.6.2
mramadan0101/dompdf - v0.7.0-beta
versatecnologia/dompdf - v0.7.0-beta
sandeshsays/crudbooster - v2.1.3
trafficfox/dompdf - v0.7.0-beta
thewulf00/dompdf - v0.7.0-beta
traitify/client - dev-untested
opirrello/rustik-framework - no_fix
chocri/nxdompdf - v0.7.0-beta
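The pattern behind this CWE-79 finding, and two ways to neutralize it, as an added illustration written for this page. It is not code from dompdf, Faveo or the upstream fix; the request path assigned to $_SERVER["PHP_SELF"] is a constructed sample standing in for an attacker-crafted URL, and the function names are the example's own.

```php
<?php
// Added illustration (not dompdf's or Faveo's code): why echoing
// $_SERVER["PHP_SELF"] unescaped is a reflected XSS, and how to fix it.
//
// PHP derives PHP_SELF from the request path. For a request to
//   /www/demo.php/<extra path>
// PHP_SELF becomes "/www/demo.php/<extra path>", so anything the client
// appends after the script name is reflected into the page verbatim.
// Constructed sample value (stands in for a client-controlled URL path):
$_SERVER["PHP_SELF"]    = '/www/demo.php/"><script>alert(document.domain)</script>';
$_SERVER["SCRIPT_NAME"] = '/www/demo.php';

// Vulnerable pattern: the path is interpolated directly into an attribute.
// The injected double quote closes the action attribute and the rest of
// the path lands in the markup as a live <script> element.
function vulnerableForm(): string {
    return '<form action="' . $_SERVER["PHP_SELF"] . '" method="post">';
}

// Fix 1: escape for the HTML attribute context. ENT_QUOTES is required so
// that the double quote becomes &quot; and cannot terminate the attribute.
function escapedForm(): string {
    $action = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form action="' . $action . '" method="post">';
}

// Fix 2: do not reflect the request path at all. SCRIPT_NAME is the path of
// the executing script without PATH_INFO, so it does not carry the client's
// trailing path; it is still escaped as a matter of habit.
function safeForm(): string {
    $action = htmlspecialchars($_SERVER["SCRIPT_NAME"], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form action="' . $action . '" method="post">';
}

// Simple check: did a client-supplied tag survive into the output?
function containsInjectedScript(string $html): bool {
    return stripos($html, '<script') !== false;
}

foreach (['vulnerableForm', 'escapedForm', 'safeForm'] as $fn) {
    $html = $fn();
    printf("%-15s %s\n  %s\n", $fn, containsInjectedScript($html) ? 'XSS' : 'ok', $html);
}
```

Run with the PHP CLI; only vulnerableForm reports XSS. Two caveats for anyone applying this to their own code: htmlspecialchars neutralizes the value for an HTML attribute or text context only, so a value reflected into a JavaScript block or a URL needs that context's encoding instead; and a demo page that ships inside a vendored library should not be web-reachable in production at all, which makes removing or blocking the www/ directory a more robust fix than patching its markup. A quick audit for the same pattern elsewhere is a search for PHP_SELF under the document root and the vendor tree.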

CVSS v3.1

Base Score: 6.1 (Medium)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE