PT-2021-19946 · Monkshu · Monkshu
Published: 2021-08-02 · Updated: 2021-08-12
CVE ID: CVE-2021-32812
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Monkshu versions 2.90 and earlier
Description
Monkshu is an enterprise application server for mobile apps, responsive HTML5 apps, and JSON API services. Its frontend HTTP server contains a reflected cross-site scripting (XSS) issue: when a request causes the server to fail with an HTTP 500 error, the error response embeds the requested URL without encoding it. An attacker who can get a victim to open a crafted URL, and who also knows of a request that triggers a 500 error, can therefore have attacker-controlled markup or script returned in the server's response. The impact is moderate because exploitation needs both conditions, and at the time of writing no request that reliably produces a 500 error is known.
Recommendations
For versions 2.90 and earlier, update to version 2.95 to resolve the issue.
As a temporary workaround, consider using a disk caching plugin to mitigate the risk.
Fix: available (version 2.95)
Weakness: XSS (Improper Encoding or Escaping of Output)
Related Identifiers: CVE-2021-32812
Affected Products: Monkshu