{"vulnerability": "CVE-2021-38138", "sightings": [{"uuid": "0102b9fe-d192-4201-b2b8-94907b28e4d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38138", "type": "seen", "source": "https://t.me/cibsecurity/26887", "content": "\u203c CVE-2021-38138 \u203c\n\nOneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-05T20:31:24.000000Z"}]}