Onenav · Onenav · CVE-2021-38138
Name of the Vulnerable Software and Affected Versions:
OneNav beta version 0.9.12
Description:
The issue allows cross-site scripting (XSS) via the Add Link feature. The vendor has stated that there is intentionally no XSS protection at present, as the attack risk is largely limited to a compromised account. However, XSS protection is planned for a future release.
Recommendations:
For OneNav beta version 0.9.12, consider disabling the Add Link feature until XSS protection is implemented in a future release.