CVE-2021-32858

Опубликовано: 21 фев. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

esdoc-publish-html-plugin is a plugin for the document maintenance software ESDoc. TheHTML sanitizer in esdoc-publish-html-plugin 1.1.2 and prior can be bypassed which may lead to cross-site scripting (XSS) issues. There are no known patches for this issue.

Ссылки

https://github.com/esdoc/esdoc-plugins/blob/2de5022baa569785a189056a99acd1d7ca8284b7/esdoc-publish-html-plugin/src/Builder/util.js#L80
Patch
Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2021-1034_esdoc-publish-html-plugin/
Exploit
Third Party Advisory
https://github.com/esdoc/esdoc-plugins/blob/2de5022baa569785a189056a99acd1d7ca8284b7/esdoc-publish-html-plugin/src/Builder/util.js#L80
Patch
Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2021-1034_esdoc-publish-html-plugin/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:esdoc:esdoc-publish-html-plugin:*:*:*:*:*:*:*:*

Версия до 1.1.2 (включая)

EPSS

Процентиль: 30%

0.00109

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-28vr-33jf-c3cc