{"id":"CVE-2021-27308","details":"A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the \"redirect\" parameter.","aliases":["BIT-rum-2021-27308"],"modified":"2026-05-04T08:34:03.315104Z","published":"2021-03-22T15:15:14.160Z","withdrawn":"2026-05-04T08:34:03.315104Z","references":[{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/162946/4Images-1.8-Cross-Site-Scripting.html"},{"type":"EVIDENCE","url":"https://github.com/4images/4images/issues/3"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.8"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27308.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}]}