{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T23:04:24.482","vulnerabilities":[{"cve":{"id":"CVE-2021-26628","sourceIdentifier":"vuln@krcert.or.kr","published":"2022-04-26T19:15:48.733","lastModified":"2024-11-21T05:56:37.377","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files."},{"lang":"es","value":"Una insuficiente comprobación de scripts de la página de administración permite un ataque de tipo XSS, lo que causa que usuarios no autorizados roben privilegios de administrador. Cuando es subido un archivo en un menú específico, la verificación de los archivos es insuficiente. Permite a atacantes remotos subir archivos arbitrarios disfrazándolos de archivos de imagen"}],"metrics":{"cvssMetricV31":[{"source":"vuln@krcert.or.kr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"vuln@krcert.or.kr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-434"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:maxb:maxboard:*:*:*:*:*:*:*:*","versionEndExcluding":"1.9.6.1","matchCriteriaId":"AD8C701F-B85E-4769-B5B1-ABCFAFBA64B2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"8BA79AC0-A0CC-4EE6-AEF5-9B8C8EA2C9F1"}]}]}],"references":[{"url":"https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66673","source":"vuln@krcert.or.kr","tags":["Third Party Advisory"]},{"url":"https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66673","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}