CVE-2021-30134
28Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendcvss 6.1epss 1.3%
exploitation probability
1.3%top 34% of all CVEs
observed exploitation
nono source reports it
php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
n/a · n/a