CVE-2021-3427

Опубликовано: 26 авг. 2022

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's browser session.

Ссылки

https://dev.deluge-torrent.org/ticket/3459
Exploit
Issue Tracking
Patch
Vendor Advisory
https://groups.google.com/g/deluge-dev/c/e5zh7wT0rEg
Exploit
Issue Tracking
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/202210-07
Third Party Advisory
https://dev.deluge-torrent.org/ticket/3459
Exploit
Issue Tracking
Patch
Vendor Advisory
https://groups.google.com/g/deluge-dev/c/e5zh7wT0rEg
Exploit
Issue Tracking
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/202210-07
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:deluge-torrent:deluge:*:*:*:*:*:*:*:*

Версия до 2.1.0 (исключая)

EPSS

Процентиль: 70%

0.00632

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-3427

CVSS3: 6.1

ubuntu

больше 3 лет назад

CVE-2021-3427

CVSS3: 6.1

debian

больше 3 лет назад

The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. ...

GHSA-5c8p-qhch-qhx6

CVSS3: 6.1

github

больше 3 лет назад

Deluge Web-UI vulnerable to XSS through a crafted torrent file

EPSS

Процентиль: 70%

0.00632

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79