CVE-2021-29272

Опубликовано: 27 мар. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string.

Ссылки

https://github.com/microcosm-cc/bluemonday/releases/tag/v1.0.5
Third Party Advisory
https://vuln.ryotak.me/advisories/4
Third Party Advisory
https://github.com/microcosm-cc/bluemonday/releases/tag/v1.0.5
Third Party Advisory
https://vuln.ryotak.me/advisories/4
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microco:bluemonday:*:*:*:*:*:*:*:*

Версия до 1.0.5 (исключая)

EPSS

Процентиль: 55%

0.00328

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-29272

CVSS3: 6.1

ubuntu

почти 5 лет назад

bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string.

CVE-2021-29272

CVSS3: 5.9

redhat

почти 5 лет назад

bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string.

GHSA-3x58-xr87-2fcj

CVSS3: 6.1

github

больше 4 лет назад

Cross-site scripting in bluemonday

EPSS

Процентиль: 55%

0.00328

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79