CVE-2021-3780

Name of the Vulnerable Software and Affected Versions: peertube (affected versions not specified)

Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. It allows an attacker to upload an SVG image and share its URL with other users. When the URL is opened, the attacker can steal the user's complete session keys, which are stored in local storage and can be easily accessed with JavaScript.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.