CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
CVE-2021-28803 (GCVE-0-2021-28803)
Vulnerability from cvelistv5 – Published: 2021-07-01 02:00 – Updated: 2024-09-16 17:34
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
| URL | Tags |
|---|---|
| https://www.qnap.com/zh-tw/security-advisory/qsa-21-31 | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| QNAP Systems Inc. | Q'center | Affected: unspecified, < 1.11.1004 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:11.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Q\u0027center",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "1.11.1004",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jan Hoff"
}
],
"datePublic": "2021-07-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This issue affects: QNAP Systems Inc. Q\u0027center versions prior to 1.11.1004."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-01T02:00:21.000Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-31"
}
],
"solutions": [
{
"lang": "en",
"value": "QNAP have already fixed this vulnerability in the following versions:\n\nQ\u0027center 1.11.1004 and later"
}
],
"source": {
"advisory": "QSA-21-31",
"discovery": "EXTERNAL"
},
"title": "Stored XSS Vulnerability in Q\u0027center",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-07-01T00:46:00.000Z",
"ID": "CVE-2021-28803",
"STATE": "PUBLIC",
"TITLE": "Stored XSS Vulnerability in Q\u0027center"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Q\u0027center",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.11.1004"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jan Hoff"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue affects: QNAP Systems Inc. Q\u0027center versions prior to 1.11.1004."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-31",
"refsource": "MISC",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-31"
}
]
},
"solution": [
{
"lang": "en",
"value": "QNAP have already fixed this vulnerability in the following versions:\n\nQ\u0027center 1.11.1004 and later"
}
],
"source": {
"advisory": "QSA-21-31",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-28803",
"datePublished": "2021-07-01T02:00:21.939Z",
"dateReserved": "2021-03-18T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:34:26.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29438 (GCVE-0-2021-29438)
Vulnerability from cvelistv5 – Published: 2021-04-13 18:40 – Updated: 2024-08-03 22:02
| URL | Tags |
|---|---|
| https://github.com/nextcloud/nextcloud-dialogs/se… | x_refsource_CONFIRM |
| https://www.npmjs.com/package/%40nextcloud/dialogs | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| nextcloud | nextcloud-dialogs | Affected: < 3.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:51.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/nextcloud-dialogs/security/advisories/GHSA-g3fq-3v3g-mh32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.npmjs.com/package/%40nextcloud/dialogs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nextcloud-dialogs",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 3.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Nextcloud dialogs library (npm package @nextcloud/dialogs) before 3.1.2 insufficiently escaped text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to a XSS vulnerability. The vulnerability has been patched in version 3.1.2 If you need to display HTML in the toast, explicitly pass the `options.isHTML` config flag."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "{\"CWE-79\":\"Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "{\"CWE-80\":\"Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)\"}",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-13T18:40:15.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/nextcloud-dialogs/security/advisories/GHSA-g3fq-3v3g-mh32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.npmjs.com/package/%40nextcloud/dialogs"
}
],
"source": {
"advisory": "GHSA-g3fq-3v3g-mh32",
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in @nextcloud/dialogs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29438",
"STATE": "PUBLIC",
"TITLE": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in @nextcloud/dialogs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "nextcloud-dialogs",
"version": {
"version_data": [
{
"version_value": "\u003c 3.1.2"
}
]
}
}
]
},
"vendor_name": "nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Nextcloud dialogs library (npm package @nextcloud/dialogs) before 3.1.2 insufficiently escaped text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to a XSS vulnerability. The vulnerability has been patched in version 3.1.2 If you need to display HTML in the toast, explicitly pass the `options.isHTML` config flag."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-79\":\"Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-80\":\"Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/nextcloud-dialogs/security/advisories/GHSA-g3fq-3v3g-mh32",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/nextcloud-dialogs/security/advisories/GHSA-g3fq-3v3g-mh32"
},
{
"name": "https://www.npmjs.com/package/@nextcloud/dialogs",
"refsource": "MISC",
"url": "https://www.npmjs.com/package/@nextcloud/dialogs"
}
]
},
"source": {
"advisory": "GHSA-g3fq-3v3g-mh32",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-29438",
"datePublished": "2021-04-13T18:40:15.000Z",
"dateReserved": "2021-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:51.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29467 (GCVE-0-2021-29467)
Vulnerability from cvelistv5 – Published: 2021-04-22 00:05 – Updated: 2024-08-03 22:11
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
| URL | Tags |
|---|---|
| https://github.com/birb-digital/wrongthink/securi… | x_refsource_CONFIRM |
| Vendor | Product | Version |
|---|---|---|
| birb-digital | wrongthink | Affected: < 2.4.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:05.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/birb-digital/wrongthink/security/advisories/GHSA-529v-f2gf-62w9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wrongthink",
"vendor": "birb-digital",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wrongthink is an encrypted peer-to-peer chat program. A user could check their fingerprint into the service and enter a script to run arbitrary JavaScript on the site. No workarounds exist, but a patch exists in version 2.4.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T00:05:16.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/birb-digital/wrongthink/security/advisories/GHSA-529v-f2gf-62w9"
}
],
"source": {
"advisory": "GHSA-529v-f2gf-62w9",
"discovery": "UNKNOWN"
},
"title": "Self-XSS",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29467",
"STATE": "PUBLIC",
"TITLE": "Self-XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wrongthink",
"version": {
"version_data": [
{
"version_value": "\u003c 2.4.1"
}
]
}
}
]
},
"vendor_name": "birb-digital"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wrongthink is an encrypted peer-to-peer chat program. A user could check their fingerprint into the service and enter a script to run arbitrary JavaScript on the site. No workarounds exist, but a patch exists in version 2.4.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/birb-digital/wrongthink/security/advisories/GHSA-529v-f2gf-62w9",
"refsource": "CONFIRM",
"url": "https://github.com/birb-digital/wrongthink/security/advisories/GHSA-529v-f2gf-62w9"
}
]
},
"source": {
"advisory": "GHSA-529v-f2gf-62w9",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-29467",
"datePublished": "2021-04-22T00:05:16.000Z",
"dateReserved": "2021-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:11:05.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29503 (GCVE-0-2021-29503)
Vulnerability from cvelistv5 – Published: 2021-05-19 19:55 – Updated: 2024-08-03 22:11
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
| URL | Tags |
|---|---|
| https://github.com/hedgedoc/hedgedoc/security/adv… | x_refsource_CONFIRM |
| https://github.com/hedgedoc/hedgedoc/commit/01dad… | x_refsource_MISC |
| https://github.com/hedgedoc/hedgedoc/releases/tag/1.8.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:05.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-gjg7-4j2h-94fq"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/hedgedoc/hedgedoc/commit/01dad5821ee28377ebe640c6c72c3e0bb0d51ea7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/hedgedoc/hedgedoc/releases/tag/1.8.2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "hedgedoc",
"vendor": "hedgedoc",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend rendering the script tag as part of the `\u003chead\u003e` section. Unless your instance prevents guests from editing notes, this vulnerability allows unauthenticated attackers to inject JavaScript into notes that allow guest edits. If your instance prevents guests from editing notes, this vulnerability allows authenticated attackers to inject JavaScript into any note pages they have write-access to. This vulnerability is patched in version 1.8.2. As a workaround, one can disable guest edits until the next update."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-19T19:55:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-gjg7-4j2h-94fq"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hedgedoc/hedgedoc/commit/01dad5821ee28377ebe640c6c72c3e0bb0d51ea7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hedgedoc/hedgedoc/releases/tag/1.8.2"
}
],
"source": {
"advisory": "GHSA-gjg7-4j2h-94fq",
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization of Script-Related HTML Tags in Notes",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29503",
"STATE": "PUBLIC",
"TITLE": "Improper Neutralization of Script-Related HTML Tags in Notes"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "hedgedoc",
"version": {
"version_data": [
{
"version_value": "\u003c 1.8.2"
}
]
}
}
]
},
"vendor_name": "hedgedoc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend rendering the script tag as part of the `\u003chead\u003e` section. Unless your instance prevents guests from editing notes, this vulnerability allows unauthenticated attackers to inject JavaScript into notes that allow guest edits. If your instance prevents guests from editing notes, this vulnerability allows authenticated attackers to inject JavaScript into any note pages they have write-access to. This vulnerability is patched in version 1.8.2. As a workaround, one can disable guest edits until the next update."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-gjg7-4j2h-94fq",
"refsource": "CONFIRM",
"url": "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-gjg7-4j2h-94fq"
},
{
"name": "https://github.com/hedgedoc/hedgedoc/commit/01dad5821ee28377ebe640c6c72c3e0bb0d51ea7",
"refsource": "MISC",
"url": "https://github.com/hedgedoc/hedgedoc/commit/01dad5821ee28377ebe640c6c72c3e0bb0d51ea7"
},
{
"name": "https://github.com/hedgedoc/hedgedoc/releases/tag/1.8.2",
"refsource": "MISC",
"url": "https://github.com/hedgedoc/hedgedoc/releases/tag/1.8.2"
}
]
},
"source": {
"advisory": "GHSA-gjg7-4j2h-94fq",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-29503",
"datePublished": "2021-05-19T19:55:10.000Z",
"dateReserved": "2021-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:11:05.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32718 (GCVE-0-2021-32718)
Vulnerability from cvelistv5 – Published: 2021-06-28 14:50 – Updated: 2024-08-03 23:25
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
| URL | Tags |
|---|---|
| https://github.com/rabbitmq/rabbitmq-server/secur… | x_refsource_CONFIRM |
| https://github.com/rabbitmq/rabbitmq-server/pull/3028 | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2021/Dec/3 | mailing-list, x_refsource_FULLDISC |
| Vendor | Product | Version |
|---|---|---|
| rabbitmq | rabbitmq-server | Affected: < 3.8.17 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/pull/3028"
},
{
"name": "20211203 usd AG Security Advisories 11/2021",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Dec/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rabbitmq-server",
"vendor": "rabbitmq",
"versions": [
{
"status": "affected",
"version": "\u003c 3.8.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user\u0027s bane being rendered in a confirmation message without proper `\u003cscript\u003e` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-03T18:06:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/pull/3028"
},
{
"name": "20211203 usd AG Security Advisories 11/2021",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Dec/3"
}
],
"source": {
"advisory": "GHSA-c3hj-rg5h-2772",
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ management UI",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32718",
"STATE": "PUBLIC",
"TITLE": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ management UI"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rabbitmq-server",
"version": {
"version_data": [
{
"version_value": "\u003c 3.8.17"
}
]
}
}
]
},
"vendor_name": "rabbitmq"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user\u0027s bane being rendered in a confirmation message without proper `\u003cscript\u003e` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772",
"refsource": "CONFIRM",
"url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772"
},
{
"name": "https://github.com/rabbitmq/rabbitmq-server/pull/3028",
"refsource": "MISC",
"url": "https://github.com/rabbitmq/rabbitmq-server/pull/3028"
},
{
"name": "20211203 usd AG Security Advisories 11/2021",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Dec/3"
}
]
},
"source": {
"advisory": "GHSA-c3hj-rg5h-2772",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32718",
"datePublished": "2021-06-28T14:50:10.000Z",
"dateReserved": "2021-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:25:31.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32719 (GCVE-0-2021-32719)
Vulnerability from cvelistv5 – Published: 2021-06-28 15:15 – Updated: 2024-08-03 23:25
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
| URL | Tags |
|---|---|
| https://github.com/rabbitmq/rabbitmq-server/secur… | x_refsource_CONFIRM |
| https://github.com/rabbitmq/rabbitmq-server/pull/3122 | x_refsource_MISC |
| https://herolab.usd.de/security-advisories/usd-20… | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| rabbitmq | rabbitmq-server | Affected: < 3.8.18 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/pull/3122"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://herolab.usd.de/security-advisories/usd-2021-0011/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rabbitmq-server",
"vendor": "rabbitmq",
"versions": [
{
"status": "affected",
"version": "\u003c 3.8.18"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper \u003cscript\u003e tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-02T13:21:36.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/pull/3122"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://herolab.usd.de/security-advisories/usd-2021-0011/"
}
],
"source": {
"advisory": "GHSA-5452-hxj4-773x",
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ federation management plugin",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32719",
"STATE": "PUBLIC",
"TITLE": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ federation management plugin"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rabbitmq-server",
"version": {
"version_data": [
{
"version_value": "\u003c 3.8.18"
}
]
}
}
]
},
"vendor_name": "rabbitmq"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper \u003cscript\u003e tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x",
"refsource": "CONFIRM",
"url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x"
},
{
"name": "https://github.com/rabbitmq/rabbitmq-server/pull/3122",
"refsource": "MISC",
"url": "https://github.com/rabbitmq/rabbitmq-server/pull/3122"
},
{
"name": "https://herolab.usd.de/security-advisories/usd-2021-0011/",
"refsource": "MISC",
"url": "https://herolab.usd.de/security-advisories/usd-2021-0011/"
}
]
},
"source": {
"advisory": "GHSA-5452-hxj4-773x",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32719",
"datePublished": "2021-06-28T15:15:11.000Z",
"dateReserved": "2021-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:25:31.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32735 (GCVE-0-2021-32735)
Vulnerability from cvelistv5 – Published: 2021-07-02 14:45 – Updated: 2024-08-03 23:33
CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
| URL | Tags |
|---|---|
| https://github.com/getkirby/kirby/security/adviso… | x_refsource_CONFIRM |
| https://github.com/getkirby/kirby/releases/tag/3.5.7 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:54.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-2f2w-349x-vrqm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/getkirby/kirby/releases/tag/3.5.7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kirby",
"vendor": "getkirby",
"versions": [
{
"status": "affected",
"version": "\u003c= 3.5.5, \u003c= 3.5.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel\u0027s `ListItem` component (used in the pages and files section for example) displayed HTML in page titles as it is. This could be used for cross-site scripting (XSS) attacks. Malicious authenticated Panel users can escalate their privileges if they get access to the Panel session of an admin user. Visitors without Panel access can use the attack vector if the site allows changing site data from a frontend form. Kirby 3.5.7 patches the vulnerability. As a partial workaround, site administrators can protect against attacks from visitors without Panel access by validating or sanitizing provided data from the frontend form."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-02T14:45:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-2f2w-349x-vrqm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/releases/tag/3.5.7"
}
],
"source": {
"advisory": "GHSA-2f2w-349x-vrqm",
"discovery": "UNKNOWN"
},
"title": "Cross-site scripting (XSS) from field and configuration text displayed in the Panel",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32735",
"STATE": "PUBLIC",
"TITLE": "Cross-site scripting (XSS) from field and configuration text displayed in the Panel"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kirby",
"version": {
"version_data": [
{
"version_value": "\u003c= 3.5.5, \u003c= 3.5.6"
}
]
}
}
]
},
"vendor_name": "getkirby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel\u0027s `ListItem` component (used in the pages and files section for example) displayed HTML in page titles as it is. This could be used for cross-site scripting (XSS) attacks. Malicious authenticated Panel users can escalate their privileges if they get access to the Panel session of an admin user. Visitors without Panel access can use the attack vector if the site allows changing site data from a frontend form. Kirby 3.5.7 patches the vulnerability. As a partial workaround, site administrators can protect against attacks from visitors without Panel access by validating or sanitizing provided data from the frontend form."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/getkirby/kirby/security/advisories/GHSA-2f2w-349x-vrqm",
"refsource": "CONFIRM",
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-2f2w-349x-vrqm"
},
{
"name": "https://github.com/getkirby/kirby/releases/tag/3.5.7",
"refsource": "MISC",
"url": "https://github.com/getkirby/kirby/releases/tag/3.5.7"
}
]
},
"source": {
"advisory": "GHSA-2f2w-349x-vrqm",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32735",
"datePublished": "2021-07-02T14:45:11.000Z",
"dateReserved": "2021-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:33:54.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37195 (GCVE-0-2021-37195)
Vulnerability from cvelistv5 – Published: 2022-01-11 11:27 – Updated: 2024-08-04 01:16
CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| Siemens | COMOS V10.2 | Affected: All versions only if web components are used |
| Siemens | COMOS V10.3 | Affected: All versions < V10.3.3.3 only if web components are used |
| Siemens | COMOS V10.4 | Affected: All versions < V10.4.1 only if web components are used |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:03.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-995338.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "COMOS V10.2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions only if web components are used"
}
]
},
{
"product": "COMOS V10.3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V10.3.3.3 only if web components are used"
}
]
},
{
"product": "COMOS V10.4",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V10.4.1 only if web components are used"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions \u003c V10.3.3.3 only if web components are used), COMOS V10.4 (All versions \u003c V10.4.1 only if web components are used). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to inject malicious code that is executed when loading the attachment."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-12T09:07:14.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-995338.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-37195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "COMOS V10.2",
"version": {
"version_data": [
{
"version_value": "All versions only if web components are used"
}
]
}
},
{
"product_name": "COMOS V10.3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V10.3.3.3 only if web components are used"
}
]
}
},
{
"product_name": "COMOS V10.4",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V10.4.1 only if web components are used"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions \u003c V10.3.3.3 only if web components are used), COMOS V10.4 (All versions \u003c V10.4.1 only if web components are used). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to inject malicious code that is executed when loading the attachment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-995338.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-995338.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-37195",
"datePublished": "2022-01-11T11:27:13.000Z",
"dateReserved": "2021-07-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:16:03.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39348 (GCVE-0-2021-39348)
Vulnerability from cvelistv5 – Published: 2021-10-21 19:38 – Updated: 2025-02-14 17:55
CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
| URL | Tags |
|---|---|
| https://plugins.trac.wordpress.org/changeset?sfp_… | x_refsource_MISC |
| https://wordfence.com/vulnerability-advisories/#C… | x_refsource_MISC |
| https://github.com/BigTiger2020/word-press/blob/m… | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| LearnPress | LearnPress | Affected: 4.1.3.1, ≤ 4.1.3.1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:06:42.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2614592%40learnpress\u0026new=2614592%40learnpress\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordfence.com/vulnerability-advisories/#CVE-2021-39348"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/BigTiger2020/word-press/blob/main/LearnPress.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-39348",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-14T17:55:27.092688Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T17:55:29.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LearnPress",
"vendor": "LearnPress",
"versions": [
{
"lessThanOrEqual": "4.1.3.1",
"status": "affected",
"version": "4.1.3.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thinkland Security Team"
}
],
"datePublic": "2021-10-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. Please note that this is seperate from CVE-2021-24702."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-21T19:38:25.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2614592%40learnpress\u0026new=2614592%40learnpress\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordfence.com/vulnerability-advisories/#CVE-2021-39348"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/BigTiger2020/word-press/blob/main/LearnPress.md"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 4.1.3.2 or newer."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "LearnPress \u2013 WordPress LMS Plugin \u003c= 4.1.3.1 Authenticated Stored Cross-Site Scripting",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"DATE_PUBLIC": "2021-10-18T17:16:00.000Z",
"ID": "CVE-2021-39348",
"STATE": "PUBLIC",
"TITLE": "LearnPress \u2013 WordPress LMS Plugin \u003c= 4.1.3.1 Authenticated Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LearnPress",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.1.3.1",
"version_value": "4.1.3.1"
}
]
}
}
]
},
"vendor_name": "LearnPress"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thinkland Security Team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. Please note that this is seperate from CVE-2021-24702."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2614592%40learnpress\u0026new=2614592%40learnpress\u0026sfp_email=\u0026sfph_mail=",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2614592%40learnpress\u0026new=2614592%40learnpress\u0026sfp_email=\u0026sfph_mail="
},
{
"name": "https://wordfence.com/vulnerability-advisories/#CVE-2021-39348",
"refsource": "MISC",
"url": "https://wordfence.com/vulnerability-advisories/#CVE-2021-39348"
},
{
"name": "https://github.com/BigTiger2020/word-press/blob/main/LearnPress.md",
"refsource": "MISC",
"url": "https://github.com/BigTiger2020/word-press/blob/main/LearnPress.md"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 4.1.3.2 or newer."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2021-39348",
"datePublished": "2021-10-21T19:38:25.592Z",
"dateReserved": "2021-08-20T00:00:00.000Z",
"dateUpdated": "2025-02-14T17:55:29.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43862 (GCVE-0-2021-43862)
Vulnerability from cvelistv5 – Published: 2021-12-30 14:15 – Updated: 2024-08-04 04:10
CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
| URL | Tags |
|---|---|
| https://github.com/jcubic/jquery.terminal/securit… | x_refsource_CONFIRM |
| https://github.com/jcubic/jquery.terminal/issues/727 | x_refsource_MISC |
| https://github.com/jcubic/jquery.terminal/commit/… | x_refsource_MISC |
| https://github.com/jcubic/jquery.terminal/release… | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| jcubic | jquery.terminal | Affected: < 2.31.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jcubic/jquery.terminal/security/advisories/GHSA-x9r5-jxvq-4387"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jcubic/jquery.terminal/issues/727"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jcubic/jquery.terminal/commit/77eb044d0896e990d48a9157f0bc6648f81a84b5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jcubic/jquery.terminal/releases/tag/2.31.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "jquery.terminal",
"vendor": "jcubic",
"versions": [
{
"status": "affected",
"version": "\u003c 2.31.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications. Versions prior to 2.31.1 contain a low impact and limited cross-site scripting (XSS) vulnerability. The code for XSS payload is always visible, but an attacker can use other techniques to hide the code the victim sees. If the application uses the `execHash` option and executes code from URL, the attacker can use this URL to execute their code. The scope is limited because the javascript attribute used is added to span tag, so no automatic execution like with `onerror` on images is possible. This issue is fixed in version 2.31.1. As a workaround, the user can use formatting that wrap whole user input and its no op. The code for this workaround is available in the GitHub Security Advisory. The fix will only work when user of the library is not using different formatters (e.g. to highlight code in different way)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-30T14:15:12.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jcubic/jquery.terminal/security/advisories/GHSA-x9r5-jxvq-4387"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jcubic/jquery.terminal/issues/727"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jcubic/jquery.terminal/commit/77eb044d0896e990d48a9157f0bc6648f81a84b5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jcubic/jquery.terminal/releases/tag/2.31.1"
}
],
"source": {
"advisory": "GHSA-x9r5-jxvq-4387",
"discovery": "UNKNOWN"
},
"title": "Self XSS on user input",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43862",
"STATE": "PUBLIC",
"TITLE": "Self XSS on user input"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jquery.terminal",
"version": {
"version_data": [
{
"version_value": "\u003c 2.31.1"
}
]
}
}
]
},
"vendor_name": "jcubic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications. Versions prior to 2.31.1 contain a low impact and limited cross-site scripting (XSS) vulnerability. The code for XSS payload is always visible, but an attacker can use other techniques to hide the code the victim sees. If the application uses the `execHash` option and executes code from URL, the attacker can use this URL to execute their code. The scope is limited because the javascript attribute used is added to span tag, so no automatic execution like with `onerror` on images is possible. This issue is fixed in version 2.31.1. As a workaround, the user can use formatting that wrap whole user input and its no op. The code for this workaround is available in the GitHub Security Advisory. The fix will only work when user of the library is not using different formatters (e.g. to highlight code in different way)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jcubic/jquery.terminal/security/advisories/GHSA-x9r5-jxvq-4387",
"refsource": "CONFIRM",
"url": "https://github.com/jcubic/jquery.terminal/security/advisories/GHSA-x9r5-jxvq-4387"
},
{
"name": "https://github.com/jcubic/jquery.terminal/issues/727",
"refsource": "MISC",
"url": "https://github.com/jcubic/jquery.terminal/issues/727"
},
{
"name": "https://github.com/jcubic/jquery.terminal/commit/77eb044d0896e990d48a9157f0bc6648f81a84b5",
"refsource": "MISC",
"url": "https://github.com/jcubic/jquery.terminal/commit/77eb044d0896e990d48a9157f0bc6648f81a84b5"
},
{
"name": "https://github.com/jcubic/jquery.terminal/releases/tag/2.31.1",
"refsource": "MISC",
"url": "https://github.com/jcubic/jquery.terminal/releases/tag/2.31.1"
}
]
},
"source": {
"advisory": "GHSA-x9r5-jxvq-4387",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43862",
"datePublished": "2021-12-30T14:15:12.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:10:17.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Implementation
Description:
- Carefully check each input parameter against a rigorous positive specification (allowlist) defining the specific characters and format allowed. All input should be neutralized, not just parameters that the user is supposed to specify, but all data in the request, including hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. We often encounter data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended.
Mitigation ID: MIT-30.1
Phase: Implementation
Strategy: Output Encoding
Description:
- Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.
- The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks.
Mitigation ID: MIT-43
Phase: Implementation
Description:
- With Struts, write all data from form beans with the bean's filter attribute set to true.
Mitigation ID: MIT-31
Phase: Implementation
Strategy: Attack Surface Reduction
Description:
- To help mitigate XSS attacks against the user's session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user's session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XmlHttpRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.
CAPEC-18: XSS Targeting Non-Script Elements
This attack is a form of Cross-Site Scripting (XSS) where malicious scripts are embedded in elements that are not expected to host scripts such as image tags (<img>), comments in XML documents (< !-CDATA->), etc. These tags may not be subject to the same input validation, output validation, and other content filtering and checking routines, so this can create an opportunity for an adversary to tunnel through the application's elements and launch an XSS attack through other elements. As with all remote attacks, it is important to differentiate the ability to launch an attack (such as probing an internal network for unpatched servers) and the ability of the remote adversary to collect and interpret the output of said attack.
CAPEC-193: PHP Remote File Inclusion
In this pattern the adversary is able to load and execute arbitrary code remotely available from the application. This is usually accomplished through an insecurely configured PHP runtime environment and an improperly sanitized "include" or "require" call, which the user can then control to point to any web-accessible file. This allows adversaries to hijack the targeted application and force it to execute their own instructions.
CAPEC-32: XSS Through HTTP Query Strings
An adversary embeds malicious script code in the parameters of an HTTP query string and convinces a victim to submit the HTTP request that contains the query string to a vulnerable web application. The web application then proceeds to use the parameter values without properly validating them first and generates the HTML code that will be executed by the victim's browser.
CAPEC-86: XSS Through HTTP Headers
An adversary exploits web applications that generate web content, such as links in an HTML page, based on unvalidated or improperly validated data submitted by other actors. XSS in HTTP Headers attacks target the HTTP headers, which are hidden from most users and may not be validated by web applications.