PT-2021-18559 · Unknown · Hubs Cloud
Muhammad R. Maulana · Published 2021-08-02 · Updated 2021-08-11 · CVE-2021-29979
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Hubs Cloud versions prior to 1.0.1/20210618012634
Description
The issue allows users to download shared content, specifically HTML and JS, which could enable JavaScript execution in the Hubs Cloud instance's primary hosting domain.
Recommendations
For versions prior to 1.0.1/20210618012634, consider restricting the download of shared HTML and JS content to prevent potential JavaScript execution in the primary hosting domain. As a temporary workaround, consider disabling the feature that allows users to download shared content until a patch is available.
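One way to apply the restriction on shared HTML and JS is to decide response headers per file so that script-capable types are never rendered in the hosting origin. This is an added example, not Hubs Cloud code or the vendor's fix; the names `ACTIVE_TYPES`, `baseType`, `isActiveContent` and `headersForSharedFile` are hypothetical, and the list of types is an assumption to adapt.

```javascript
// Added example (not Hubs Cloud code): choose response headers for a
// user-shared file so active content cannot run in the primary origin.
// ACTIVE_TYPES is an assumed list of script-capable MIME types.
const ACTIVE_TYPES = new Set([
  "text/html", "application/xhtml+xml", "image/svg+xml",
  "text/javascript", "application/javascript",
  "text/ecmascript", "application/ecmascript",
  "text/xml", "application/xml",
]);

// Drop parameters such as "; charset=utf-8", then trim and lowercase.
function baseType(contentType) {
  if (typeof contentType !== "string") return "";
  return contentType.split(";")[0].trim().toLowerCase();
}

function isActiveContent(contentType) {
  const t = baseType(contentType);
  // A missing or malformed type is treated as active: the browser may sniff it.
  if (!/^[a-z0-9!#$&^_.+-]+\/[a-z0-9!#$&^_.+-]+$/.test(t)) return true;
  return ACTIVE_TYPES.has(t);
}

function headersForSharedFile(contentType, filename) {
  const headers = {
    // Stop the browser from reinterpreting the body as HTML or script.
    "X-Content-Type-Options": "nosniff",
    // If the response is rendered anyway, it gets an opaque origin and no scripts.
    "Content-Security-Policy": "sandbox",
  };
  if (isActiveContent(contentType)) {
    // Force a download with an inert type; sanitise the name so it cannot
    // break out of the quoted header value.
    const safeName = String(filename).replace(/[^A-Za-z0-9._-]/g, "_");
    headers["Content-Type"] = "application/octet-stream";
    headers["Content-Disposition"] = `attachment; filename="${safeName}"`;
  } else {
    headers["Content-Type"] = baseType(contentType);
    headers["Content-Disposition"] = "inline";
  }
  return headers;
}
```

Serving shared files from a separate domain that holds no session state complements these headers, since a rendering mistake then no longer reaches the primary origin.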
Fix
XSS
Affected Products
Hubs Cloud