PT-2021-18156 · Remark42 · Remark42
Ryotak
·
Published
2021-03-27
·
Updated
2021-06-04
·
CVE-2021-29271
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
remark42 versions prior to 1.6.1
Description:
The issue allows for XSS, as demonstrated by "Locator: Locator{URL:" followed by an XSS payload. This is related to backend/app/store/comment.go and backend/app/store/service/service.go.
Recommendations:
For versions prior to 1.6.1, update to version 1.6.1 or later to resolve the issue. As a temporary workaround, consider restricting the input for the
Locator field to prevent XSS payloads.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Remark42