Filtered by vendor Webuzo Subscriptions
Filtered by product Webuzo Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-40238 1 Webuzo 1 Webuzo 2024-11-21 6.1 Medium
A Cross Site Scriptiong (XSS) vulnerability exists in the admin panel in Webuzo < 2.9.0 via an HTTP request to a non-existent page, which is activated by administrators viewing the "Error Log" page. An attacker can leverage this to achieve Unauthenticated Remote Code Execution via the "Cron Jobs" functionality of Webuzo.