CVE-2021-3866

Опубликовано: 20 янв. 2022

Источник: nvd

CVSS3: 6.8

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and prior to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6.

Ссылки

https://blog.zulip.com/2022/01/19/cve-2021-3866/
Vendor Advisory
https://github.com/zulip/zulip/commit/3eb2791c3e9695f7d37ffe84e0c2184fae665cb6
Patch
Third Party Advisory
https://huntr.dev/bounties/5f48dac5-e112-4b23-bbbf-cc00ba83bcf2
Exploit
Third Party Advisory
https://blog.zulip.com/2022/01/19/cve-2021-3866/
Vendor Advisory
https://github.com/zulip/zulip/commit/3eb2791c3e9695f7d37ffe84e0c2184fae665cb6
Patch
Third Party Advisory
https://huntr.dev/bounties/5f48dac5-e112-4b23-bbbf-cc00ba83bcf2
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zulip:zulip:*:*:*:*:*:*:*:*

Версия до 4.8 (включая)

EPSS

Процентиль: 69%

0.00605

Низкий

6.8 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-3866

CVSS3: 5.4

debian

около 4 лет назад

Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip m ...

GHSA-c9g2-65fq-w8q5

github

около 4 лет назад

Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip prior to main.

EPSS

Процентиль: 69%

0.00605

Низкий

6.8 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79